61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35

General

Target: 61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
Size: 256KB
Sample: 210223-av45mnff16
Score: 10/10
MD5: b12817c1c8ba085a7a82655fba90e53d
SHA1: 1f56268ada7ef3e7b788121cfa2ca1879cf70f1e
SHA256: 61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
SHA512: 788a14c7f1bd001650f9eb01f9d7031bd99853bbb4de5a62b88c4c28bf60f5118a5b6884387c8880388dd3ba78b87caa312e3b82f8351db41befbb8b76aac672

Malware Config

Extracted

Family: emotet
Botnet: Epoch2
C2 (50 endpoints, ip:port):
190.144.18.198:80
79.143.178.194:8080
87.106.136.232:8080
87.106.139.101:8080
37.187.72.193:8080
114.145.241.208:80
195.244.215.206:80
185.94.252.104:443
5.39.91.110:7080
169.239.182.217:8080
46.105.131.79:8080
58.171.38.26:80
37.139.21.175:8080
190.160.53.126:80
95.213.236.64:8080
78.186.5.109:443
190.55.181.54:443
59.20.65.102:80
62.75.187.192:8080
110.145.77.103:80
31.31.77.83:443
101.187.97.173:80
5.196.74.210:8080
41.60.200.34:80
121.124.124.40:7080
78.24.219.147:8080
162.154.38.103:80
120.151.135.224:80
79.45.112.220:80
74.208.45.104:8080
103.86.49.11:8080
162.241.92.219:8080
153.126.210.205:7080
78.189.165.52:8080
201.173.217.124:443
113.160.130.116:8443
153.133.224.78:80
178.20.74.212:80
104.131.44.150:8080
211.63.71.72:8080
177.230.81.0:22
46.105.131.87:80
50.116.86.205:8080
93.51.50.171:8080
62.75.141.82:80
209.141.54.221:8080
62.138.26.28:8080
186.208.123.210:443
200.41.121.90:80
139.130.242.43:80
rsa_pubkey.plain

Extracted

Family: emotet
Botnet: LEA
C2 (8 endpoints, ip:port):
80.158.59.174:8080
80.158.43.136:80
80.158.3.161:443
80.158.51.209:8080
80.158.35.51:80
80.158.63.78:443
80.158.53.167:80
80.158.62.194:443
rsa_pubkey.plain
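The two extracted configs above list 58 C2 endpoints as ip:port pairs (50 for Epoch2, 8 for LEA). The Python below is an added example, not part of this report or of any sandbox tooling: it parses config text in the layout shown above into an indicator set keyed by (ip, port) and scans constructed key=value firewall log lines against it, reporting an exact ip:port hit as "c2" and a connection to a listed IP on a different port as a lower-confidence "ip-only" hit. The CONFIG_TEXT constant reproduces only a few of the Epoch2 entries plus the full LEA list; the log lines, their field names and the timestamps are made up for the example.

```python
"""Build an IOC set from extracted Emotet C2 lists and scan log lines against it."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed: config text in the same layout as the report above.
# The Epoch2 list is truncated to five entries for brevity; the LEA list is complete.
CONFIG_TEXT = """
Family emotet
Botnet Epoch2
C2
190.144.18.198:80
79.143.178.194:8080
87.106.136.232:8080
177.230.81.0:22
139.130.242.43:80
rsa_pubkey.plain

Family emotet
Botnet LEA
C2
80.158.59.174:8080
80.158.43.136:80
80.158.3.161:443
80.158.51.209:8080
80.158.35.51:80
80.158.63.78:443
80.158.53.167:80
80.158.62.194:443
rsa_pubkey.plain
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_config(text: str) -> Dict[Tuple[str, int], str]:
    """Map (ip, port) -> botnet label for every ip:port line in the config text.

    Lines that are not ip:port (Family, C2, rsa_pubkey.plain) are skipped; a
    'Botnet X' line sets the label applied to the entries that follow it.
    """
    iocs: Dict[Tuple[str, int], str] = {}
    botnet = "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Botnet "):
            botnet = line.split(None, 1)[1]
            continue
        m = C2_RE.match(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        ipaddress.ip_address(ip)  # raises ValueError on an octet above 255
        if not 0 < port <= 65535:
            raise ValueError(f"bad port in C2 entry: {line}")
        iocs[(ip, port)] = botnet
    return iocs


# Constructed log lines in a key=value firewall style (not from the sandbox run).
LOG_LINES = [
    "2021-02-23T10:14:02Z src=10.0.0.15 dst=80.158.59.174 dport=8080 proto=tcp",
    "2021-02-23T10:14:05Z src=10.0.0.15 dst=142.250.74.78 dport=443 proto=tcp",
    "2021-02-23T10:15:11Z src=10.0.0.22 dst=190.144.18.198 dport=443 proto=tcp",
    "2021-02-23T10:16:40Z src=10.0.0.9 dst=87.106.136.232 dport=8080 proto=tcp",
    "garbage line with no fields",
]

LOG_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def scan_logs(lines: List[str], iocs: Dict[Tuple[str, int], str]) -> List[dict]:
    """Return one hit per matching line.

    kind == 'c2'      : destination ip:port is exactly a listed C2 endpoint.
    kind == 'ip-only' : destination IP is listed but on a different port
                        (lower confidence; reported rather than dropped).
    """
    by_ip: Dict[str, Dict[int, str]] = {}
    for (ip, port), botnet in iocs.items():
        by_ip.setdefault(ip, {})[port] = botnet
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue  # unparseable line: skip, do not raise, so a scan finishes
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        ports = by_ip.get(dst)
        if ports is None:
            continue
        kind = "c2" if dport in ports else "ip-only"
        botnet = ports.get(dport, next(iter(ports.values())))
        hits.append({"line": lineno, "src": src, "dst": dst, "dport": dport,
                     "botnet": botnet, "kind": kind})
    return hits


if __name__ == "__main__":
    for h in scan_logs(LOG_LINES, parse_config(CONFIG_TEXT)):
        print(f"line {h['line']}: {h['src']} -> {h['dst']}:{h['dport']} "
              f"[{h['kind']}, botnet {h['botnet']}]")
```

Every entry in the extracted configs carries a port, so the exact match is on the pair, not the address alone; a connection to a listed address on some other port is kept as a separate, lower-confidence signal because the host may be serving something unrelated there. Lists of this kind go stale, so a match should be read together with the date of the sample the indicators came from.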
Targets

Target: 61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
Filesize: 256KB
Score: 10/10
MD5: b12817c1c8ba085a7a82655fba90e53d
SHA1: 1f56268ada7ef3e7b788121cfa2ca1879cf70f1e
SHA256: 61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
SHA512: 788a14c7f1bd001650f9eb01f9d7031bd99853bbb4de5a62b88c4c28bf60f5118a5b6884387c8880388dd3ba78b87caa312e3b82f8351db41befbb8b76aac672

Signatures

  • Emotet
    Description: Emotet is a trojan that is primarily spread through spam emails.

  • Emotet Payload
    Description: Detects Emotet payload in memory.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10