General
-
Target
ptrjctad.rmz
-
Size
342KB
-
Sample
210204-32mp2r8qdn
-
MD5
ea8d08d8faecc54887e4dc2be3b3b341
-
SHA1
2811f4b31e912a40b871b96f3f7c15d3d4c0ffb9
-
SHA256
534a598ae3170e8f39e8cc1fb1976a8bbeb418128fb23fde6420fe624eee2ec6
-
SHA512
089dfcc735aecdbf57251eb24dce7c7df8fa23f5c2bdd15da3b61d7f77bf4626ef93c5d24873b19b939278dac1b8e4f700d80e4876e3e0164b361fcd773bab5e
Static task
static1
Malware Config
Extracted
emotet
Epoch2
12.175.220.98:80
162.241.204.233:8080
50.116.111.59:8080
172.86.188.251:8080
139.99.158.11:443
66.57.108.14:443
75.177.207.146:80
194.190.67.75:80
50.245.107.73:443
173.70.61.180:80
85.105.205.77:8080
104.131.11.150:443
62.75.141.82:80
70.92.118.112:80
194.4.58.192:7080
120.150.60.189:80
24.231.88.85:80
78.24.219.147:8080
110.142.236.207:80
119.59.116.21:8080
144.217.7.207:7080
95.213.236.64:8080
46.105.131.79:8080
176.111.60.55:8080
174.118.202.24:443
94.23.237.171:443
138.68.87.218:443
110.145.101.66:443
134.209.144.106:443
74.208.45.104:8080
24.178.90.49:80
172.125.40.123:80
157.245.99.39:8080
118.83.154.64:443
202.134.4.211:8080
121.124.124.40:7080
172.104.97.173:8080
110.145.11.73:80
172.105.13.66:443
168.235.67.138:7080
78.188.225.105:80
59.21.235.119:80
185.94.252.104:443
24.179.13.119:80
49.205.182.134:80
51.89.36.180:443
115.21.224.117:80
202.134.4.216:8080
190.251.200.206:80
78.189.148.42:80
220.245.198.194:80
85.105.111.166:80
5.39.91.110:7080
203.153.216.189:7080
93.146.48.84:80
181.165.68.127:80
70.183.211.3:80
47.144.21.37:80
167.114.153.111:8080
75.109.111.18:80
24.69.65.8:8080
188.165.214.98:8080
187.161.206.24:80
74.58.215.226:80
74.128.121.17:80
24.164.79.147:8080
139.59.60.244:8080
136.244.110.184:8080
2.58.16.89:8080
79.137.83.50:443
139.162.60.124:8080
89.216.122.92:80
188.219.31.12:80
190.103.228.24:80
109.74.5.95:8080
87.106.139.101:8080
78.182.254.231:80
74.40.205.197:443
89.106.251.163:80
69.49.88.46:80
62.171.142.179:8080
217.20.166.178:7080
161.0.153.60:80
37.187.72.193:8080
190.240.194.77:443
5.2.212.254:80
200.116.145.225:443
98.109.133.80:80
75.113.193.72:80
115.94.207.99:443
109.116.245.80:80
123.176.25.234:80
120.150.218.241:443
50.91.114.38:80
180.222.161.85:80
186.74.215.34:80
95.9.5.93:80
64.207.182.168:8080
197.211.245.21:80
61.19.246.238:443
37.139.21.175:8080
181.171.209.241:443
185.201.9.197:8080
71.72.196.159:80
41.185.28.84:8080
Extracted
emotet
LEA
80.158.3.161:443
80.158.51.209:8080
80.158.35.51:80
80.158.63.78:443
80.158.53.167:80
80.158.62.194:443
80.158.59.174:8080
80.158.43.136:80
Targets
-
-
Target
ptrjctad.rmz
-
Size
342KB
-
MD5
ea8d08d8faecc54887e4dc2be3b3b341
-
SHA1
2811f4b31e912a40b871b96f3f7c15d3d4c0ffb9
-
SHA256
534a598ae3170e8f39e8cc1fb1976a8bbeb418128fb23fde6420fe624eee2ec6
-
SHA512
089dfcc735aecdbf57251eb24dce7c7df8fa23f5c2bdd15da3b61d7f77bf4626ef93c5d24873b19b939278dac1b8e4f700d80e4876e3e0164b361fcd773bab5e
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation