ptrjctad.rmz

General
Target

ptrjctad.rmz

Size

342KB

Sample

210204-32mp2r8qdn

Score

10/10
MD5

ea8d08d8faecc54887e4dc2be3b3b341

SHA1

2811f4b31e912a40b871b96f3f7c15d3d4c0ffb9

SHA256

534a598ae3170e8f39e8cc1fb1976a8bbeb418128fb23fde6420fe624eee2ec6

SHA512

089dfcc735aecdbf57251eb24dce7c7df8fa23f5c2bdd15da3b61d7f77bf4626ef93c5d24873b19b939278dac1b8e4f700d80e4876e3e0164b361fcd773bab5e

Malware Config

Extracted

Family emotet
Botnet Epoch2
C2

12.175.220.98:80

162.241.204.233:8080

50.116.111.59:8080

172.86.188.251:8080

139.99.158.11:443

66.57.108.14:443

75.177.207.146:80

194.190.67.75:80

50.245.107.73:443

173.70.61.180:80

85.105.205.77:8080

104.131.11.150:443

62.75.141.82:80

70.92.118.112:80

194.4.58.192:7080

120.150.60.189:80

24.231.88.85:80

78.24.219.147:8080

110.142.236.207:80

119.59.116.21:8080

144.217.7.207:7080

95.213.236.64:8080

46.105.131.79:8080

176.111.60.55:8080

174.118.202.24:443

94.23.237.171:443

138.68.87.218:443

110.145.101.66:443

134.209.144.106:443

74.208.45.104:8080

24.178.90.49:80

172.125.40.123:80

157.245.99.39:8080

118.83.154.64:443

202.134.4.211:8080

121.124.124.40:7080

172.104.97.173:8080

110.145.11.73:80

172.105.13.66:443

168.235.67.138:7080

78.188.225.105:80

59.21.235.119:80

185.94.252.104:443

24.179.13.119:80

49.205.182.134:80

51.89.36.180:443

115.21.224.117:80

202.134.4.216:8080

190.251.200.206:80

78.189.148.42:80

rsa_pubkey.plain

Extracted

Family emotet
Botnet LEA
C2

80.158.3.161:443

80.158.51.209:8080

80.158.35.51:80

80.158.63.78:443

80.158.53.167:80

80.158.62.194:443

80.158.59.174:8080

80.158.43.136:80

rsa_pubkey.plain
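Both extracted configurations above use the same flattened layout: one label per line, the C2 endpoints as bare ip:port lines, and a key name (rsa_pubkey.plain) whose value is not rendered. The following added example (my code, not the sandbox's or this report's) parses that layout from a constructed excerpt of this report, validates each C2 as a well-formed IPv4:port pair, de-duplicates entries, summarises the ports per botnet, emits one Suricata rule per endpoint, and can check a local copy of the sample against the listed hashes. The Suricata SID range starting at 9000001 is an assumed local range, and the excerpt carries only a few of the 50 Epoch2 and 8 LEA endpoints listed above.

```python
"""Parse the flattened report layout above (hash labels plus 'Extracted' Emotet
config blocks). Added example, not the sandbox's code; the SID range is assumed."""
import hashlib
import io
import ipaddress
import re

# Constructed excerpt of the report above (first few C2s per botnet). The blank
# separator lines of the real layout are skipped by the parser, so omitted here.
REPORT_EXCERPT = """\
MD5
ea8d08d8faecc54887e4dc2be3b3b341
SHA256
534a598ae3170e8f39e8cc1fb1976a8bbeb418128fb23fde6420fe624eee2ec6
Extracted
Family emotet
Botnet Epoch2
C2
12.175.220.98:80
162.241.204.233:8080
139.99.158.11:443
194.4.58.192:7080
rsa_pubkey.plain
Extracted
Family emotet
Botnet LEA
C2
80.158.3.161:443
80.158.51.209:8080
80.158.35.51:80
rsa_pubkey.plain
"""

C2_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

def parse_report(text):
    """Return {'hashes': {name: hex}, 'configs': [{family, botnet, c2: [(ip, port)]}]}."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hashes, configs, current = {}, [], None
    for i, ln in enumerate(lines):
        if ln in HASH_LEN and i + 1 < len(lines):      # label, then digest line
            digest = lines[i + 1].lower()
            if re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[ln], digest):
                hashes[ln.lower()] = digest            # keys match hashlib names
        elif ln == "Extracted":                        # opens a new config block
            current = {"family": None, "botnet": None, "c2": []}
            configs.append(current)
        elif current is None:
            continue
        elif ln.startswith("Family "):
            current["family"] = ln.split(" ", 1)[1]
        elif ln.startswith("Botnet "):
            current["botnet"] = ln.split(" ", 1)[1]
        elif C2_RE.match(ln):
            ip, _, port = ln.rpartition(":")
            ipaddress.IPv4Address(ip)                  # rejects octets over 255
            port = int(port)
            if not 0 < port < 65536:
                raise ValueError(f"bad port in C2 entry {ln!r}")
            if (ip, port) not in current["c2"]:        # de-duplicate
                current["c2"].append((ip, port))
    return {"hashes": hashes, "configs": configs}

def ports_by_botnet(parsed):
    """Distinct C2 ports per botnet, e.g. for checking egress-filter coverage."""
    return {c["botnet"]: sorted({p for _, p in c["c2"]}) for c in parsed["configs"]}

def suricata_rules(parsed, base_sid=9000001):
    """One outbound-connection rule per C2 endpoint (base_sid: assumed local range)."""
    rules, sid = [], base_sid
    for cfg in parsed["configs"]:
        for ip, port in cfg["c2"]:
            rules.append(
                f'alert tcp $HOME_NET any -> {ip} {port} (msg:"Emotet {cfg["botnet"]} '
                f'C2 {ip}:{port}"; flow:to_server; classtype:trojan-activity; '
                f'sid:{sid}; rev:1;)')
            sid += 1
    return rules

def digest_stream(fh, names):
    """Read bytes or a binary stream once, in 1 MiB chunks, hashing with each algorithm."""
    if isinstance(fh, (bytes, bytearray)):
        fh = io.BytesIO(fh)
    hashers = {n: hashlib.new(n) for n in names}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {n: h.hexdigest() for n, h in hashers.items()}

def mismatched_digests(expected, actual):
    """Names of digests whose computed value differs from the report's value."""
    return sorted(n for n in expected if actual.get(n) != expected[n].lower())

def verify_sample(path, expected):
    """Check a local file against the report's hashes; an empty list means it matches."""
    with open(path, "rb") as fh:
        return mismatched_digests(expected, digest_stream(fh, expected))
```

Usage: `parsed = parse_report(open("report.txt").read())`, then `verify_sample("ptrjctad.rmz", parsed["hashes"])` returns the names of any digests that differ from the report, and `suricata_rules(parsed)` yields rules you can drop into a local rules file. The IPv4Address check exists because the regex alone accepts octets such as 300; the port range check catches the same class of typo in the port.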
Targets
Target

ptrjctad.rmz

MD5

ea8d08d8faecc54887e4dc2be3b3b341

Filesize

342KB

Score
10/10
SHA1

2811f4b31e912a40b871b96f3f7c15d3d4c0ffb9

SHA256

534a598ae3170e8f39e8cc1fb1976a8bbeb418128fb23fde6420fe624eee2ec6

SHA512

089dfcc735aecdbf57251eb24dce7c7df8fa23f5c2bdd15da3b61d7f77bf4626ef93c5d24873b19b939278dac1b8e4f700d80e4876e3e0164b361fcd773bab5e

Tags

Signatures

  • Emotet

    Description

    Emotet is a trojan that is primarily spread through spam emails.

    Tags

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Drops file in System32 directory

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). The sandbox attaches its generic "likely ransomware behaviour" note to this signature; for this sample the report maps it only to a Discovery technique, not to any Impact technique.

    Tags

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix

Tactic columns preserved from the matrix view: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. The only technique the report ties to this sample is System Information Discovery (see Signatures above).

Tasks

static1

behavioral1

10/10