General

  • Target: E2-20201118_141759.zip
  • Size: 148KB
  • Sample: 201118-q63da9q6c2
  • MD5: fa541ef43e1473d845aa50ccaba6aa23
  • SHA1: df7704aec365df548379c91a721d31989d8d4ef1
  • SHA256: 948ae9b9e469c0df7478cf8840a78869299e59ffd85b581840b39abc89760001
  • SHA512: 2b8b5dda4c387ca02f31b4e7a2f5a5935163ec158b614bf042d6985fa5da1474e6ff23db4e8561a6f573e9d4482cc2de0e5e4da1a49d19108e8f27139690b8f5

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch2
  • C2

rsa_pubkey.plain

Targets

    • Target: f28e02bd1e9cc701437328dc7bec07b439b5b97277a7983e9ca302fbc550e48a.exe
    • Size: 248KB
    • MD5: 8b273f919ea075cff8c652c51a301bbb
    • SHA1: 917baa65532900d1dbd0a3925a898ecf0b4cd569
    • SHA256: f28e02bd1e9cc701437328dc7bec07b439b5b97277a7983e9ca302fbc550e48a
    • SHA512: b71c4aa7259535889126742045c820f703a5a9caa49b8496620d4566da22f65706e7e617d34ac08e741d96da0f98e617daac2ca02882ab887a4f98fe432d699e
    • Emotet: Emotet is a trojan that is primarily spread through spam emails.
    • Emotet Payload: Detects Emotet payload in memory.
    • Executes dropped EXE
    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks