General

  • Target

    57039060a9602ebb4c460e99f214ebfc5c9e28f9ed608b01b5de00bdf076c0cc

  • Size

    346KB

  • Sample

    210123-ptx3cghjpx

  • MD5

    c9a1384ed75203327358b0e0d3c7a47a

  • SHA1

    0c350a053902297e4b6f0b4f9fa30aea103f4363

  • SHA256

    57039060a9602ebb4c460e99f214ebfc5c9e28f9ed608b01b5de00bdf076c0cc

  • SHA512

    4f622bb6858ff1ffc94a4241b31cce740e4a5d74c9f18d2d36e451e13f05a34f293ce5f43d3e196e13f30a43340bba8b1b80253dca4a2494d7421ff97ee193e7

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

84.232.229.24:80

51.255.203.164:8080

217.160.169.110:8080

51.15.7.145:80

177.85.167.10:80

186.177.174.163:80

190.114.254.163:8080

185.183.16.47:80

149.202.72.142:7080

181.30.61.163:443

31.27.59.105:80

50.28.51.143:8080

68.183.190.199:8080

85.214.26.7:8080

137.74.106.111:7080

200.75.39.254:80

85.105.239.184:443

190.45.24.210:80

170.81.48.2:80

109.101.137.162:8080

rsa_pubkey.plain
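The extracted configuration above is only useful once it is turned into something that can be matched against traffic. The following is an added example, not part of the sandbox report: it takes the family, botnet and C2 list exactly as listed on this page, validates each ip:port entry, scans a few constructed Zeek conn.log JSON lines for outbound connections to those endpoints, and emits Suricata rules for the pairs. The sample log lines, the sid numbering and the rule message text are my own assumptions; the `rsa_pubkey.plain` value is not on the page and is not used.

```python
import ipaddress
import json
from typing import Dict, List, Set, Tuple

# Configuration fields as extracted in the report above (family, botnet epoch, C2 list).
EXTRACTED_CONFIG: Dict[str, object] = {
    "family": "emotet",
    "botnet": "Epoch1",
    "c2": [
        "84.232.229.24:80", "51.255.203.164:8080", "217.160.169.110:8080",
        "51.15.7.145:80", "177.85.167.10:80", "186.177.174.163:80",
        "190.114.254.163:8080", "185.183.16.47:80", "149.202.72.142:7080",
        "181.30.61.163:443", "31.27.59.105:80", "50.28.51.143:8080",
        "68.183.190.199:8080", "85.214.26.7:8080", "137.74.106.111:7080",
        "200.75.39.254:80", "85.105.239.184:443", "190.45.24.210:80",
        "170.81.48.2:80", "109.101.137.162:8080",
    ],
}

# Constructed Zeek conn.log records (JSON output), not real traffic: one hit on a
# listed C2 pair, one connection to a listed IP on a non-listed port, one benign DNS query.
SAMPLE_CONN_LOG: List[str] = [
    '{"ts": 1611360001.1, "uid": "C1", "id.orig_h": "10.0.0.5", "id.orig_p": 49152, "id.resp_h": "51.255.203.164", "id.resp_p": 8080, "proto": "tcp"}',
    '{"ts": 1611360002.2, "uid": "C2", "id.orig_h": "10.0.0.5", "id.orig_p": 49153, "id.resp_h": "51.255.203.164", "id.resp_p": 443, "proto": "tcp"}',
    '{"ts": 1611360003.3, "uid": "C3", "id.orig_h": "10.0.0.7", "id.orig_p": 49154, "id.resp_h": "8.8.8.8", "id.resp_p": 53, "proto": "udp"}',
]


def parse_c2(entries: List[str]) -> Set[Tuple[str, int]]:
    """Parse 'ip:port' strings into (ip, port) tuples, rejecting malformed entries.

    Extracted configs are attacker-controlled data; validating them here keeps a
    corrupted extraction from silently producing a broken blocklist.
    """
    indicators: Set[Tuple[str, int]] = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in {entry!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on non-IP text
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"port out of range in {entry!r}")
        indicators.add((str(ip), port_num))
    return indicators


def match_connections(conn_log_lines: List[str], indicators: Set[Tuple[str, int]],
                      ip_only: bool = False) -> List[Dict[str, object]]:
    """Return one hit per connection whose responder matches a C2 indicator.

    By default the (ip, port) pair must match, which is the precise signal.
    ip_only=True widens the match to the address alone (noisier, useful for hunting
    when the botnet has rotated ports on a still-active host).
    """
    ips = {ip for ip, _ in indicators}
    hits: List[Dict[str, object]] = []
    for line in conn_log_lines:
        rec = json.loads(line)
        resp = (rec["id.resp_h"], int(rec["id.resp_p"]))
        if resp in indicators or (ip_only and resp[0] in ips):
            hits.append({
                "ts": rec["ts"],
                "uid": rec["uid"],
                "src": rec["id.orig_h"],
                "dst": f"{resp[0]}:{resp[1]}",
                "exact": resp in indicators,
            })
    return hits


def suricata_rules(indicators: Set[Tuple[str, int]], family: str, botnet: str,
                   sid_base: int = 9000001) -> List[str]:
    """Emit one Suricata alert rule per C2 pair. sid_base is an assumed local SID range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(indicators)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{family} {botnet} C2 {ip}:{port}"; flow:to_server; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    iocs = parse_c2(EXTRACTED_CONFIG["c2"])
    for hit in match_connections(SAMPLE_CONN_LOG, iocs):
        print("C2 hit:", hit)
    for rule in suricata_rules(iocs, EXTRACTED_CONFIG["family"], EXTRACTED_CONFIG["botnet"])[:3]:
        print(rule)
```

Matching on the full ip:port pair is deliberate: Emotet epochs reused commodity hosting on common ports, so an address-only match against a large network will fire on unrelated traffic to the same host, which is why the address-only mode is opt-in.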

Targets

    • Target

      57039060a9602ebb4c460e99f214ebfc5c9e28f9ed608b01b5de00bdf076c0cc

    • Size

      346KB

    • MD5

      c9a1384ed75203327358b0e0d3c7a47a

    • SHA1

      0c350a053902297e4b6f0b4f9fa30aea103f4363

    • SHA256

      57039060a9602ebb4c460e99f214ebfc5c9e28f9ed608b01b5de00bdf076c0cc

    • SHA512

      4f622bb6858ff1ffc94a4241b31cce740e4a5d74c9f18d2d36e451e13f05a34f293ce5f43d3e196e13f30a43340bba8b1b80253dca4a2494d7421ff97ee193e7

    • Emotet

      Emotet is a modular trojan and malware loader that is primarily spread through malicious spam email attachments and links.

    • Blocklisted process makes network request
