2020-07-21-Emotet-EXE-updated-after-initial-infection.bin

General

Target: 2020-07-21-Emotet-EXE-updated-after-initial-infection.bin
Size: 417KB
Sample: 210307-xxgnn2bhre
Score: 10/10
MD5: 5895c71c30a0781df1c49d5c35bd3fbb
SHA1: eee820baffadb9f006e271386861b97af6b6fb9c
SHA256: a7f46b14baa4d0df476385bdb7316c774842d39faf6efc1f2b0f09ad3c5060de
SHA512: 583b025c53c55cf06df43d7ea630736329c5ddef40c6379dbe0b25dfc124c6a6d50fff94a2a19eba83e74649c4a30fdf445405a0096b099cd49605f1778c4498

Malware Config

Extracted

Family: emotet
Botnet: Epoch2
C2 (ip:port, 50 endpoints as extracted from this sample's configuration):
124.45.106.173:443
212.51.142.238:8080
176.111.60.55:8080
201.173.217.124:443
108.48.41.69:80
200.41.121.90:80
222.214.218.37:4143
173.91.22.41:80
78.189.165.52:8080
190.108.228.62:443
209.141.54.221:8080
87.106.139.101:8080
74.208.45.104:8080
186.208.123.210:443
109.117.53.230:443
103.86.49.11:8080
139.59.60.244:8080
153.126.210.205:7080
109.74.5.95:8080
91.211.88.52:7080
37.187.72.193:8080
79.7.158.208:80
95.179.229.244:8080
24.1.189.87:8080
200.55.243.138:8080
31.31.77.83:443
137.59.187.107:8080
190.55.181.54:443
93.51.50.171:8080
101.187.97.173:80
110.145.77.103:80
5.39.91.110:7080
104.131.11.150:443
210.165.156.91:80
79.98.24.39:8080
116.203.32.252:8080
190.160.53.126:80
104.236.246.93:8080
104.131.44.150:8080
87.106.136.232:8080
62.75.141.82:80
91.231.166.124:8080
203.153.216.189:7080
190.144.18.198:80
162.241.92.219:8080
73.11.153.178:8080
121.124.124.40:7080
162.154.38.103:80
113.160.130.116:8443
93.156.165.186:80
rsa_pubkey.plain

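
The C2 list extracted above is dated to this configuration (the sample is from 2020-07-21; Emotet rotated its Epoch2 C2 lists frequently), so the practical use is to turn it into checkable IOCs rather than a permanent blocklist. The following Python is an added example, not part of this report or of the sandbox that produced it: it parses the endpoints exactly as listed above, validates each address and port, summarizes the port distribution, emits one Suricata rule per endpoint (the sid range and rule wording are arbitrary choices), and matches the ip:port pairs against a few constructed firewall-style log lines that are not from the sandbox run.

```python
"""Turn the Emotet Epoch2 C2 list from this report into checkable IOCs.

Added example for this page; not tooling from the sandbox that produced it.
"""
import ipaddress
import re
from collections import Counter

# The C2 endpoints exactly as listed in the "Malware Config" section above,
# whitespace-separated here only to keep the block short.
C2_BLOCK = """
124.45.106.173:443 212.51.142.238:8080 176.111.60.55:8080 201.173.217.124:443
108.48.41.69:80 200.41.121.90:80 222.214.218.37:4143 173.91.22.41:80
78.189.165.52:8080 190.108.228.62:443 209.141.54.221:8080 87.106.139.101:8080
74.208.45.104:8080 186.208.123.210:443 109.117.53.230:443 103.86.49.11:8080
139.59.60.244:8080 153.126.210.205:7080 109.74.5.95:8080 91.211.88.52:7080
37.187.72.193:8080 79.7.158.208:80 95.179.229.244:8080 24.1.189.87:8080
200.55.243.138:8080 31.31.77.83:443 137.59.187.107:8080 190.55.181.54:443
93.51.50.171:8080 101.187.97.173:80 110.145.77.103:80 5.39.91.110:7080
104.131.11.150:443 210.165.156.91:80 79.98.24.39:8080 116.203.32.252:8080
190.160.53.126:80 104.236.246.93:8080 104.131.44.150:8080 87.106.136.232:8080
62.75.141.82:80 91.231.166.124:8080 203.153.216.189:7080 190.144.18.198:80
162.241.92.219:8080 73.11.153.178:8080 121.124.124.40:7080 162.154.38.103:80
113.160.130.116:8443 93.156.165.186:80
"""


def parse_c2(block):
    """Parse 'ip:port' tokens into (IPv4Address, int) tuples, rejecting junk."""
    out = []
    for tok in block.split():
        host, sep, port = tok.rpartition(":")
        if not sep:
            raise ValueError(f"no port in {tok!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on a malformed address
        p = int(port)
        if not 0 < p < 65536:
            raise ValueError(f"bad port in {tok!r}")
        out.append((ip, p))
    return out


def port_histogram(endpoints):
    """Count how many C2 endpoints listen on each port."""
    return Counter(p for _, p in endpoints)


def suricata_rules(endpoints, base_sid=9000000):
    """One outbound TCP rule per endpoint; the sid range is an arbitrary assumption."""
    rules = []
    for i, (ip, port) in enumerate(endpoints):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch2 C2 {ip}:{port} (2020-07-21 config)"; '
            f'flow:to_server; sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed firewall-style log lines (not from the sandbox run).
# Fields: timestamp src_ip src_port dst_ip dst_port.
SAMPLE_LOG = """\
2020-07-21T14:02:11Z 10.0.0.15 49811 124.45.106.173 443
2020-07-21T14:02:12Z 10.0.0.15 49812 93.184.216.34 443
2020-07-21T14:03:40Z 10.0.0.15 49813 222.214.218.37 4143
2020-07-21T14:03:55Z 10.0.0.15 49814 222.214.218.37 80
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (\d+)$")


def match_log(log_text, endpoints):
    """Return (timestamp, 'ip:port') for each line whose destination is a listed C2.

    Matching on the ip:port pair rather than the IP alone avoids flagging
    unrelated traffic to the same host; the last sample line is deliberately
    a miss for that reason.
    """
    wanted = {(str(ip), port) for ip, port in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected field layout
        ts, _src, _sport, dst, dport = m.groups()
        if (dst, int(dport)) in wanted:
            hits.append((ts, f"{dst}:{dport}"))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(C2_BLOCK)
    print(len(c2), "C2 endpoints; ports:", dict(port_histogram(c2)))
    for hit in match_log(SAMPLE_LOG, c2):
        print("C2 contact:", *hit)
    print(suricata_rules(c2)[0])
```

Matching on the ip:port pair is the strict choice; several of these addresses are likely compromised hosts also serving legitimate traffic, so an IP-only match trades precision for recall and is worth keeping as a separate, lower-severity rule. Either way, treat these IOCs as tied to this 2020-07-21 configuration and re-extract from newer samples rather than carrying the list forward.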
Targets

Target: 2020-07-21-Emotet-EXE-updated-after-initial-infection.bin (417KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures

  • Emotet
    Description: Emotet is a trojan and malware loader that is primarily spread through spam emails carrying malicious attachments or links.

  • Emotet Payload
    Description: Detects the unpacked Emotet payload in process memory.

MITRE ATT&CK Matrix

Tactic columns shown on the page: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No technique IDs are populated in this extract.

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10