General

  • Target

    sample.pe

  • Size

    209KB

  • Sample

    210113-5sa85q193j

  • MD5

    1b17ddb20a1593554449757b725d44a0

  • SHA1

    2c0636a9eaec8f3046d353d7cce5fcbe1d98f239

  • SHA256

    27c3e4bc2194534a3cdaec0659490b039ea31414acb324c937ac96e32de2ddba

  • SHA512

    5d11ac5505b128f7b33d12b7ba223f89f511df019285877ac5b37823042bb61dc190134a82e39b4aff275068bff5eb9b0ef87f6d6a7e94f90147982098e4b7de

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

74.58.215.226:80

24.164.79.147:8080

157.245.123.197:8080

50.116.111.59:8080

173.249.20.233:443

78.188.225.105:80

75.177.207.146:80

136.244.110.184:8080

194.190.67.75:80

70.92.118.112:80

110.145.101.66:443

194.4.58.192:7080

217.20.166.178:7080

109.74.5.95:8080

110.145.11.73:80

66.57.108.14:443

78.189.148.42:80

144.217.7.207:7080

120.150.60.189:80

37.139.21.175:8080

rsa_pubkey.plain
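The extracted config above is the actionable part of this report: twenty Emotet Epoch2 C2 endpoints on ports 80, 443, 7080 and 8080. The script below is an added example (not part of the report or of the sandbox's own tooling) that turns that list into something a responder can use: it parses the `ip:port` pairs, matches them against constructed firewall log lines (the log format and the addresses in those lines are assumptions, not data from the report), distinguishes an exact ip:port hit from an IP-only hit (Emotet bots rotate ports, so an IP-only match is still worth a look), and emits Suricata rules. The SID range is an arbitrary placeholder.

```python
"""Turn the extracted Emotet Epoch2 C2 list into log matches and Suricata rules.

Added example; the C2 entries are copied from the extracted config in the
report, everything else (log format, sample lines, SID range) is constructed.
"""
from __future__ import annotations

import ipaddress
import re
from typing import Iterable

# ip:port pairs exactly as listed in the extracted config.
EMOTET_EPOCH2_C2 = """
74.58.215.226:80
24.164.79.147:8080
157.245.123.197:8080
50.116.111.59:8080
173.249.20.233:443
78.188.225.105:80
75.177.207.146:80
136.244.110.184:8080
194.190.67.75:80
70.92.118.112:80
110.145.101.66:443
194.4.58.192:7080
217.20.166.178:7080
109.74.5.95:8080
110.145.11.73:80
66.57.108.14:443
78.189.148.42:80
144.217.7.207:7080
120.150.60.189:80
37.139.21.175:8080
"""


def parse_c2(text: str) -> set[tuple[str, int]]:
    """Parse 'ip:port' lines into a set of (ip, port); rejects malformed entries."""
    endpoints = set()
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError on a non-IP host
        endpoints.add((host, int(port)))
    return endpoints


C2 = parse_c2(EMOTET_EPOCH2_C2)
C2_IPS = {ip for ip, _ in C2}

# Constructed firewall log lines (assumed format: "ts src dst:port action").
# The last line talks to a listed C2 IP but on a port the config does not list.
SAMPLE_LOGS = """\
2021-01-13T05:10:02Z 10.0.0.21 157.245.123.197:8080 ALLOW
2021-01-13T05:10:05Z 10.0.0.21 93.184.216.34:443 ALLOW
2021-01-13T05:11:40Z 10.0.0.37 173.249.20.233:443 ALLOW
2021-01-13T05:12:01Z 10.0.0.21 74.58.215.226:443 ALLOW
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)$")


def match_logs(lines: Iterable[str]) -> list[dict]:
    """Return one dict per log line whose destination is a known C2 endpoint.

    'exact' means ip:port matched the config; 'ip-only' means only the IP did,
    which still merits triage because Emotet C2 ports change between updates.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, src, dst, port, action = m.groups()
        port = int(port)
        if (dst, port) in C2:
            confidence = "exact"
        elif dst in C2_IPS:
            confidence = "ip-only"
        else:
            continue
        hits.append({"ts": ts, "src": src, "dst": dst, "port": port,
                     "action": action, "confidence": confidence})
    return hits


def suricata_rules(c2: set[tuple[str, int]], sid_base: int = 9000001) -> list[str]:
    """Emit one outbound-connection alert rule per C2 endpoint (SIDs are placeholders)."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch2 C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOGS.splitlines()):
        print(f"{hit['ts']} {hit['src']} -> {hit['dst']}:{hit['port']} [{hit['confidence']}]")
    print("\n".join(suricata_rules(C2)))
```

Treat the IP list as time-bound: Emotet C2 nodes are compromised hosts and change with every config push, so rules generated from a single report should carry the sample's date and be retired once they stop firing.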

Targets

    • Target

      sample.pe

    • Size

      209KB

    • MD5

      1b17ddb20a1593554449757b725d44a0

    • SHA1

      2c0636a9eaec8f3046d353d7cce5fcbe1d98f239

    • SHA256

      27c3e4bc2194534a3cdaec0659490b039ea31414acb324c937ac96e32de2ddba

    • SHA512

      5d11ac5505b128f7b33d12b7ba223f89f511df019285877ac5b37823042bb61dc190134a82e39b4aff275068bff5eb9b0ef87f6d6a7e94f90147982098e4b7de

    • Emotet

      Emotet is a modular trojan and malware loader that is primarily spread through spam emails carrying malicious attachments or links.

    • Blocklisted process makes network request
