Overview

overview

10

Static

static

registeriepkeys.exe

windows7_x64

10

registeriepkeys.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    registeriepkeys.exe

  • Size

    385KB

  • Sample

    210218-k3ksfgnrqj

  • MD5

    ef8f78ba386eaf59a2d33361b3b052fc

  • SHA1

    8508f9fe9e1887fbeae7be9e723c00b8e35125ef

  • SHA256

    fa8475c06aa2cec56fa658fd22b3bd6647108146889fef56fbcb977429c9e9ce

  • SHA512

    0ba6bc3e6e3718e7fd8470f86d3daa15326da00b123536a18790fb12a2011f1897af00975e9ef5b9df5af01d72ff85b4fde64f1b57f065457565e61851ffe90b

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

174.102.48.180:80

88.217.172.164:443

51.75.33.120:8080

62.138.26.28:8080

169.239.182.217:8080

114.146.222.200:80

116.203.32.252:8080

103.86.49.11:8080

74.120.55.163:80

41.60.200.34:80

209.182.216.177:443

157.245.99.39:8080

87.106.139.101:8080

152.168.248.128:443

104.236.246.93:8080

47.144.21.12:443

139.130.242.43:80

181.230.116.163:80

72.12.127.184:443

61.19.246.238:443
rsa_pubkey.plain

Targets

    • Target

      registeriepkeys.exe

    • Size

      385KB

    • MD5

      ef8f78ba386eaf59a2d33361b3b052fc

    • SHA1

      8508f9fe9e1887fbeae7be9e723c00b8e35125ef

    • SHA256

      fa8475c06aa2cec56fa658fd22b3bd6647108146889fef56fbcb977429c9e9ce

    • SHA512

      0ba6bc3e6e3718e7fd8470f86d3daa15326da00b123536a18790fb12a2011f1897af00975e9ef5b9df5af01d72ff85b4fde64f1b57f065457565e61851ffe90b

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet Payload

      Detects Emotet payload in memory.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks