General
-
Target
61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
-
Size
256KB
-
Sample
210223-av45mnff16
-
MD5
b12817c1c8ba085a7a82655fba90e53d
-
SHA1
1f56268ada7ef3e7b788121cfa2ca1879cf70f1e
-
SHA256
61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
-
SHA512
788a14c7f1bd001650f9eb01f9d7031bd99853bbb4de5a62b88c4c28bf60f5118a5b6884387c8880388dd3ba78b87caa312e3b82f8351db41befbb8b76aac672
Static task
static1
Behavioral task
behavioral1
Sample
61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35.exe
Resource
win7v20201028
Malware Config
Extracted
emotet
Epoch2
190.144.18.198:80
79.143.178.194:8080
87.106.136.232:8080
87.106.139.101:8080
37.187.72.193:8080
114.145.241.208:80
195.244.215.206:80
185.94.252.104:443
5.39.91.110:7080
169.239.182.217:8080
46.105.131.79:8080
58.171.38.26:80
37.139.21.175:8080
190.160.53.126:80
95.213.236.64:8080
78.186.5.109:443
190.55.181.54:443
59.20.65.102:80
62.75.187.192:8080
110.145.77.103:80
31.31.77.83:443
101.187.97.173:80
5.196.74.210:8080
41.60.200.34:80
121.124.124.40:7080
78.24.219.147:8080
162.154.38.103:80
120.151.135.224:80
79.45.112.220:80
74.208.45.104:8080
103.86.49.11:8080
162.241.92.219:8080
153.126.210.205:7080
78.189.165.52:8080
201.173.217.124:443
113.160.130.116:8443
153.133.224.78:80
178.20.74.212:80
104.131.44.150:8080
211.63.71.72:8080
177.230.81.0:22
46.105.131.87:80
50.116.86.205:8080
93.51.50.171:8080
62.75.141.82:80
209.141.54.221:8080
62.138.26.28:8080
186.208.123.210:443
200.41.121.90:80
139.130.242.43:80
176.111.60.55:8080
98.15.140.226:80
95.128.43.213:8080
142.105.151.124:443
60.130.173.117:80
104.236.246.93:8080
91.205.215.66:443
104.131.11.150:443
41.215.92.157:80
168.235.67.138:7080
Extracted
emotet
LEA
80.158.59.174:8080
80.158.43.136:80
80.158.3.161:443
80.158.51.209:8080
80.158.35.51:80
80.158.63.78:443
80.158.53.167:80
80.158.62.194:443
Targets
-
-
Target
61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
-
Size
256KB
-
MD5
b12817c1c8ba085a7a82655fba90e53d
-
SHA1
1f56268ada7ef3e7b788121cfa2ca1879cf70f1e
-
SHA256
61e37534bfb2acbb787788100b1932f5011cbc98db86ce10b7a8a730d2a4de35
-
SHA512
788a14c7f1bd001650f9eb01f9d7031bd99853bbb4de5a62b88c4c28bf60f5118a5b6884387c8880388dd3ba78b87caa312e3b82f8351db41befbb8b76aac672
-
Emotet Payload
Detects Emotet payload in memory.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation