General

  • Target

    tfvxeurehkyz.wut

  • Size

    404KB

  • Sample

    210126-13k64pez2a

  • MD5

    9a062ead5b2d55af0a5a4b39c5b5eadc

  • SHA1

    fc83367be87c700a696b0329dab538b5e47d90bf

  • SHA256

    a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef

  • SHA512

    693ab862c7e3c5dad3ca3d44bbc4a5a4c2391ff558e02e86e4c1d7d1fa7c00b4acf1c426ca619dea2b422997caaf1f0ecba37ec0ffca19edaca297005c9ad861

Score
10/10

Malware Config

Extracted

Family

emotet

Botnet

LEA

C2

80.158.3.161:443

80.158.51.209:8080

80.158.35.51:80

80.158.63.78:443

80.158.53.167:80

80.158.62.194:443

80.158.59.174:8080

80.158.43.136:80

rsa_pubkey.plain

Targets

    • Target

      tfvxeurehkyz.wut

    • Emotet

      Emotet is a modular trojan and loader that is primarily spread through malicious spam (malspam) attachments and links, and is commonly used to deliver additional malware onto infected hosts.

    • Blocklisted process makes network request
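The extracted C2 list and the file hashes above are the actionable parts of this report. The following is an added example (not code from the sandbox or from the report) that turns them into a small offline IOC check: it hashes a file with all four algorithms in one pass, reports which digests match the sample, and scans firewall/proxy log lines for connections to the extracted C2 endpoints. The `dst=ip:port` log format and the sample log lines are constructed for the example and are not from any real environment; adjust the regex to your own log source.

```python
"""IOC matcher built from the Emotet C2 list and file hashes in this report."""
import hashlib
import re

# Indicators copied verbatim from the extracted config and hash list above.
EMOTET_C2 = {
    ("80.158.3.161", 443),
    ("80.158.51.209", 8080),
    ("80.158.35.51", 80),
    ("80.158.63.78", 443),
    ("80.158.53.167", 80),
    ("80.158.62.194", 443),
    ("80.158.59.174", 8080),
    ("80.158.43.136", 80),
}
C2_IPS = {ip for ip, _ in EMOTET_C2}

SAMPLE_HASHES = {
    "md5": "9a062ead5b2d55af0a5a4b39c5b5eadc",
    "sha1": "fc83367be87c700a696b0329dab538b5e47d90bf",
    "sha256": "a9c68d527223db40014d067cf4fdae5be46cca67387e9cfdff118276085f23ef",
    "sha512": "693ab862c7e3c5dad3ca3d44bbc4a5a4c2391ff558e02e86e4c1d7d1fa7c00b4acf1c426ca619dea2b422997caaf1f0ecba37ec0ffca19edaca297005c9ad861",
}


def hash_bytes(data: bytes) -> dict:
    """Compute all four digests of an in-memory buffer in one pass."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashes so large samples need not fit in memory."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matching_algorithms(digests: dict) -> set:
    """Return the algorithms whose digest equals the report's value.

    Trust sha256/sha512 for identification; md5 and sha1 are kept only because
    many feeds still publish them, not because a match on them is sufficient.
    """
    return {name for name, value in digests.items() if value.lower() == SAMPLE_HASHES[name]}


# Assumed (hypothetical) log format: key=value lines with a dst=ip:port field.
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def find_c2_hits(log_lines):
    """Return (line_number, ip, port, confidence) for lines whose destination is a known C2.

    'exact' means ip:port matched the extracted config; 'ip-only' means the IP
    matched on a different port, which is still worth triage because the config
    lists several ports across the same address range.
    """
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        m = DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        if (ip, port) in EMOTET_C2:
            hits.append((lineno, ip, port, "exact"))
        elif ip in C2_IPS:
            hits.append((lineno, ip, port, "ip-only"))
    return hits


# Constructed sample log lines for the example; not from a real environment.
SAMPLE_LOG = [
    "2021-01-26T13:00:01Z host=WS01 proto=tcp src=10.0.0.5:51234 dst=142.250.74.78:443 action=allow",
    "2021-01-26T13:00:04Z host=WS01 proto=tcp src=10.0.0.5:51240 dst=80.158.3.161:443 action=allow",
    "2021-01-26T13:00:09Z host=WS01 proto=tcp src=10.0.0.5:51241 dst=80.158.51.209:8080 action=deny",
    "2021-01-26T13:00:15Z host=WS07 proto=tcp src=10.0.0.9:49152 dst=80.158.43.136:443 action=allow",
    "2021-01-26T13:00:20Z host=WS07 proto=udp src=10.0.0.9:53120 dst=10.0.0.1:53 action=allow",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
    # A buffer that is not the sample matches none of the report hashes.
    print(matching_algorithms(hash_bytes(b"not the sample")))
```

Run it as-is to see the three hits in the constructed log, or call `matching_algorithms(hash_file("/path/to/file"))` against a quarantined file; an empty set means the file is not this sample, while a set containing `sha256` confirms it.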

MITRE ATT&CK Matrix

Tactic columns shown (no technique entries appear under any column in this extract):

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation