Overview

overview

10

Static

static

Soti11ocy.exe

windows7_x64

10

Soti11ocy.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Soti11ocy.exe

  • Size

    400KB

  • Sample

    210329-tjawhh1cjs

  • MD5

    4e27ee113c23797b54f1b6c63b765d4a

  • SHA1

    612af6784376e793e6e4b5020ff9564a4458e23f

  • SHA256

    c1a2022a08cfa600b70e3db5a7a235826fa676c9d5c8919533a897e362a09ffa

  • SHA512

    293e023850aeee626d2694b494031543ecea56d0ed9b03445f51017f1dc356482d9fd631129b00530eabc2fed9707605220ccbd62dd99ce184d2bf9eab802d71

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

102.182.145.130:80

173.173.254.105:80

64.207.182.168:8080

51.89.199.141:8080

167.114.153.111:8080

173.63.222.65:80

218.147.193.146:80

59.125.219.109:443

172.104.97.173:8080

190.162.215.233:80

68.115.186.26:80

78.188.106.53:443

190.240.194.77:443

24.133.106.23:80

80.227.52.78:80

79.137.83.50:443

120.150.218.241:443

62.171.142.179:8080

194.4.58.192:7080

62.30.7.67:443
rsa_pubkey.plain

Targets

    • Target

      Soti11ocy.exe

    • Size

      400KB

    • MD5

      4e27ee113c23797b54f1b6c63b765d4a

    • SHA1

      612af6784376e793e6e4b5020ff9564a4458e23f

    • SHA256

      c1a2022a08cfa600b70e3db5a7a235826fa676c9d5c8919533a897e362a09ffa

    • SHA512

      293e023850aeee626d2694b494031543ecea56d0ed9b03445f51017f1dc356482d9fd631129b00530eabc2fed9707605220ccbd62dd99ce184d2bf9eab802d71

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet Payload

      Detects Emotet payload in memory.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks