Soti11ocy.exe

General
Target

Soti11ocy.exe

Size

400KB

Sample

210329-tjawhh1cjs

Score
10 /10
MD5

4e27ee113c23797b54f1b6c63b765d4a

SHA1

612af6784376e793e6e4b5020ff9564a4458e23f

SHA256

c1a2022a08cfa600b70e3db5a7a235826fa676c9d5c8919533a897e362a09ffa

SHA512

293e023850aeee626d2694b494031543ecea56d0ed9b03445f51017f1dc356482d9fd631129b00530eabc2fed9707605220ccbd62dd99ce184d2bf9eab802d71

Malware Config

Extracted

Family emotet
Botnet Epoch2
C2

102.182.145.130:80

173.173.254.105:80

64.207.182.168:8080

51.89.199.141:8080

167.114.153.111:8080

173.63.222.65:80

218.147.193.146:80

59.125.219.109:443

172.104.97.173:8080

190.162.215.233:80

68.115.186.26:80

78.188.106.53:443

190.240.194.77:443

24.133.106.23:80

80.227.52.78:80

79.137.83.50:443

120.150.218.241:443

62.171.142.179:8080

194.4.58.192:7080

62.30.7.67:443

134.209.144.106:443

24.230.141.169:80

194.190.67.75:80

172.91.208.86:80

201.241.127.190:80

185.94.252.104:443

104.131.11.150:443

71.15.245.148:8080

176.111.60.55:8080

172.86.188.251:8080

194.187.133.160:443

113.61.66.94:80

91.211.88.52:7080

202.134.4.216:8080

154.91.33.137:443

74.40.205.197:443

87.106.139.101:8080

66.76.12.94:8080

139.59.60.244:8080

112.185.64.233:80

85.105.111.166:80

74.208.45.104:8080

94.230.70.6:80

49.3.224.99:8080

119.59.116.21:8080

182.208.30.18:443

184.180.181.202:80

47.36.140.164:80

186.70.56.94:443

187.161.206.24:80

rsa_pubkey.plain
Targets
Target

Soti11ocy.exe

MD5

4e27ee113c23797b54f1b6c63b765d4a

Filesize

400KB

Score
10/10
SHA1

612af6784376e793e6e4b5020ff9564a4458e23f

SHA256

c1a2022a08cfa600b70e3db5a7a235826fa676c9d5c8919533a897e362a09ffa

SHA512

293e023850aeee626d2694b494031543ecea56d0ed9b03445f51017f1dc356482d9fd631129b00530eabc2fed9707605220ccbd62dd99ce184d2bf9eab802d71

Tags

Signatures

  • Emotet

    Description

    Emotet is a trojan that is primarily spread through spam emails.

    Tags

  • Emotet Payload

    Description

    Detects Emotet payload in memory.

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10