OwM.exe

General

Target: OwM.exe
Size: 352KB
Sample: 201118-76xzhmmraa
Score: 10/10
MD5: 6d1b5143db2fe11b313248fc9714408a
SHA1: 8a6e83834db5b15af90dcaaa9e27187a2834f068
SHA256: 9d67cfa82ab85d6579b976983b21d80237a08fb1d5400210e8072032858b7aba
SHA512: 61bf57a37e6ccf140d39714524af20b223a124ddb79b28ba6e434878fa2a412bda201de6d816e7e4c947b08aa74d1b6c17d736920eb9057fccb4927bbfdf96b8

Malware Config

Extracted

Family: emotet
Botnet: Epoch3
C2 (ip:port, 50 endpoints):

152.32.75.74:443
91.121.200.35:8080
159.203.16.11:8080
188.226.165.170:8080
172.193.79.237:80
123.216.134.52:80
183.91.3.63:80
139.59.61.215:443
185.80.172.199:80
77.74.78.80:443
153.229.219.1:443
113.203.238.130:80
120.51.34.254:80
116.202.10.123:8080
5.2.246.108:80
50.116.78.109:8080
103.80.51.61:8080
190.55.186.229:80
185.142.236.163:443
223.17.215.76:80
188.80.27.54:80
78.90.78.210:80
213.165.178.214:80
82.78.179.117:443
178.33.167.120:8080
58.27.215.3:8080
190.212.140.6:80
177.130.51.198:80
187.193.221.143:80
190.194.12.132:80
5.79.70.250:8080
2.82.75.215:80
79.133.6.236:8080
8.4.9.137:8080
188.166.220.180:7080
203.56.191.129:8080
58.94.58.13:80
189.123.103.233:80
190.180.65.104:80
54.38.143.245:8080
46.105.131.68:8080
119.228.75.211:80
162.144.145.58:8080
36.91.44.183:80
41.76.213.144:8080
202.29.237.113:8080
47.154.85.229:80
42.200.96.63:80
195.201.56.70:8080
41.185.29.128:8080

rsa_pubkey.plain
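The extracted C2 list is the most actionable part of this report. The script below is an added example, not part of the sandbox output: it copies the 50 Epoch3 endpoints from the config above, summarises them by port, matches them against a few constructed connection-log rows (the four-column layout timestamp / source IP / destination IP / destination port is an assumption, not a real log format), and emits Suricata rules for each endpoint. A connection to a listed IP on a port other than the configured one is reported as a lower-confidence "ip-only" hit rather than ignored, since Emotet C2 ports have been known to change between config revisions.

```python
"""Hunt for connections to the Emotet Epoch3 C2 endpoints extracted above.

Added example; not part of the sandbox report. C2 endpoints are copied from
the report's extracted config. The log rows and their layout are constructed
for illustration (assumed: ts src dst dport), not a real log format.
"""
from collections import Counter
import ipaddress

# ip:port endpoints, copied verbatim from the extracted config.
EMOTET_EPOCH3_C2 = """
152.32.75.74:443 91.121.200.35:8080 159.203.16.11:8080 188.226.165.170:8080
172.193.79.237:80 123.216.134.52:80 183.91.3.63:80 139.59.61.215:443
185.80.172.199:80 77.74.78.80:443 153.229.219.1:443 113.203.238.130:80
120.51.34.254:80 116.202.10.123:8080 5.2.246.108:80 50.116.78.109:8080
103.80.51.61:8080 190.55.186.229:80 185.142.236.163:443 223.17.215.76:80
188.80.27.54:80 78.90.78.210:80 213.165.178.214:80 82.78.179.117:443
178.33.167.120:8080 58.27.215.3:8080 190.212.140.6:80 177.130.51.198:80
187.193.221.143:80 190.194.12.132:80 5.79.70.250:8080 2.82.75.215:80
79.133.6.236:8080 8.4.9.137:8080 188.166.220.180:7080 203.56.191.129:8080
58.94.58.13:80 189.123.103.233:80 190.180.65.104:80 54.38.143.245:8080
46.105.131.68:8080 119.228.75.211:80 162.144.145.58:8080 36.91.44.183:80
41.76.213.144:8080 202.29.237.113:8080 47.154.85.229:80 42.200.96.63:80
195.201.56.70:8080 41.185.29.128:8080
""".split()


def parse_c2(entries):
    """Return ({(ip, port)}, {ip}); raises ValueError on a malformed entry."""
    exact, ips = set(), set()
    for entry in entries:
        ip, port = entry.rsplit(":", 1)
        ipaddress.ip_address(ip)          # validates the address literal
        exact.add((ip, int(port)))
        ips.add(ip)
    return exact, ips


C2_EXACT, C2_IPS = parse_c2(EMOTET_EPOCH3_C2)


def port_summary(entries=EMOTET_EPOCH3_C2):
    """Count endpoints per destination port (useful for egress-policy review)."""
    return Counter(int(e.rsplit(":", 1)[1]) for e in entries)


# Constructed sample rows (assumed layout: ts src dst dport). Not real traffic.
SAMPLE_LOG = """\
2020-11-18T09:58:02Z 10.0.0.15 8.8.8.8 53
2020-11-18T09:58:40Z 10.0.0.15 152.32.75.74 443
2020-11-18T09:59:10Z 10.0.0.23 188.166.220.180 7080
2020-11-18T09:59:51Z 10.0.0.23 91.121.200.35 443
2020-11-18T10:00:12Z 10.0.0.31 93.184.216.34 443
""".splitlines()


def match_log(lines):
    """Return (ts, src, dst, dport, confidence) for every row touching a C2.

    'exact' = IP and port both match the config; 'ip-only' = IP matches but
    the port differs (worth a look, since C2 ports change between configs).
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed rows, keep hunting
        ts, src, dst, dport = parts
        try:
            dport = int(dport)
        except ValueError:
            continue
        if (dst, dport) in C2_EXACT:
            hits.append((ts, src, dst, dport, "exact"))
        elif dst in C2_IPS:
            hits.append((ts, src, dst, dport, "ip-only"))
    return hits


def suricata_rules(entries=EMOTET_EPOCH3_C2, base_sid=9000001):
    """One alert rule per endpoint; base_sid is an arbitrary local-range choice."""
    rules = []
    for i, entry in enumerate(entries):
        ip, port = entry.rsplit(":", 1)
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Emotet Epoch3 C2 {ip}:{port}"; flow:to_server; '
            f"classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    print("endpoints per port:", dict(port_summary()))
    for hit in match_log(SAMPLE_LOG):
        print("HIT", *hit)
    print(suricata_rules()[0])
```

Treat the list as a point-in-time snapshot: Emotet infrastructure rotates, so blocking these addresses is only useful close to the sample date, and the "ip-only" matches should be triaged rather than auto-blocked.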
Targets

Target: OwM.exe
Filesize: 352KB
Score: 10/10
MD5: 6d1b5143db2fe11b313248fc9714408a
SHA1: 8a6e83834db5b15af90dcaaa9e27187a2834f068
SHA256: 9d67cfa82ab85d6579b976983b21d80237a08fb1d5400210e8072032858b7aba
SHA512: 61bf57a37e6ccf140d39714524af20b223a124ddb79b28ba6e434878fa2a412bda201de6d816e7e4c947b08aa74d1b6c17d736920eb9057fccb4927bbfdf96b8

Signatures

  • Emotet

    Description

    Emotet is a modular trojan and malware loader, primarily spread through spam emails carrying malicious attachments or links; it is the family whose C2 configuration was extracted above.

  • Emotet Payload

    Description

    Detects the unpacked Emotet payload in process memory during the behavioral run.

Related Tasks

MITRE ATT&CK Matrix

Tactic columns only (Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no techniques are mapped in this report.

Tasks

static1
behavioral1
Score: 10/10