General

  • Target: 61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
  • Size: 256KB
  • Sample: 210223-av45mnff16
  • MD5: b12817c1c8ba085a7a82655fba90e53d
  • SHA1: 1f56268ada7ef3e7b788121cfa2ca1879cf70f1e
  • SHA256: 61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
  • SHA512: 788a14c7f1bd001650f9eb01f9d7031bd99853bbb4de5a62b88c4c28bf60f5118a5b6884387c8880388dd3ba78b87caa312e3b82f8351db41befbb8b76aac672

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch2
  • C2


rsa_pubkey.plain

Extracted

  • Family: emotet
  • Botnet: LEA
  • C2


rsa_pubkey.plain

Targets


    • Emotet: Emotet is a trojan that is primarily spread through spam emails.
    • Emotet Payload: Detects Emotet payload in memory.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery: System Information Discovery, T1082 (1)

Tasks