General

  • Target

    90e4f02ab9157f389d785c3dcddfa432085b237f2a4c3befb4a093d0f2711b5b

  • Size

    647KB

  • Sample

    210126-avsn5j8x5a

  • MD5

    13b9d586bb973ac14bfa24e4ae7b24f1

  • SHA1

    a5653ebe4fa9f906554e56f4d732489189c3a3f9

  • SHA256

    90e4f02ab9157f389d785c3dcddfa432085b237f2a4c3befb4a093d0f2711b5b

  • SHA512

    517b1728ac24a587c6a4ccb7c0ea18f2059609958eb06f06107efd5a2e06faf0caa78c49f252e8b2e602a88de194e7edb1f4aaf1efe423298e94257c3df902ae

Score
10/10

Malware Config

Extracted

Family

emotet

Botnet

LEA

C2

80.158.59.174:8080

80.158.43.136:80

80.158.3.161:443

80.158.51.209:8080

80.158.35.51:80

80.158.63.78:443

80.158.53.167:80

80.158.62.194:443

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet Payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation