aacc.exe

General
Target

aacc.exe

Filesize

349KB

Completed

29-08-2021 16:45

Score
10/10
MD5

f2f08b57e8914390f972abeeb1386ac5

SHA1

655a1a166fb756683d8b48068a1e2e002c64442d

SHA256

3838e56e07f1e8979726ed6b4039e4bddb7b90a3d9c41a229d03024921b8aa7f

Malware Config

Extracted

Family emotet
Botnet Epoch2
C2

115.94.207.99:443

5.196.108.185:8080

167.114.153.111:8080

87.106.136.232:8080

62.30.7.67:443

108.46.29.236:80

24.179.13.119:80

89.121.205.18:80

46.105.131.79:8080

173.63.222.65:80

174.45.13.118:80

216.139.123.119:80

172.91.208.86:80

155.186.9.160:80

96.245.227.43:80

102.182.93.220:80

24.230.141.169:80

104.131.123.136:443

104.131.11.150:443

203.153.216.189:7080

37.139.21.175:8080

94.230.70.6:80

194.187.133.160:443

50.91.114.38:80

118.83.154.64:443

78.24.219.147:8080

97.82.79.83:80

95.9.5.93:80

24.137.76.62:80

190.29.166.0:80

50.35.17.13:80

139.162.108.71:8080

50.245.107.73:443

98.174.164.72:80

49.3.224.99:8080

190.108.228.27:443

209.141.54.221:7080

61.19.246.238:443

76.175.162.101:80

5.39.91.110:7080

87.106.139.101:8080

72.143.73.234:443

110.142.236.207:80

190.240.194.77:443

74.208.45.104:8080

113.61.66.94:80

103.86.49.11:8080

181.126.74.180:80

121.7.31.214:80

209.54.13.14:80

rsa_pubkey.plain
Signatures 3

Filter: none

  • Emotet

    Description

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet Payload

    Description

    Detects Emotet payload in memory.

    Reported IOCs

    resourceyara_rule
    behavioral1/memory/1060-60-0x0000000000400000-0x0000000000459000-memory.dmpemotet
  • Suspicious behavior: EnumeratesProcesses
    aacc.exe

    Reported IOCs

    pidprocess
    1060aacc.exe
    1060aacc.exe
    1060aacc.exe
    1060aacc.exe
    1060aacc.exe
    1060aacc.exe
    1060aacc.exe
    1060aacc.exe
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\aacc.exe
    "C:\Users\Admin\AppData\Local\Temp\aacc.exe"
    Suspicious behavior: EnumeratesProcesses
    PID:1060
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads
                          • memory/1060-60-0x0000000000400000-0x0000000000459000-memory.dmp

                          • memory/1060-62-0x0000000000410000-0x0000000000459000-memory.dmp

                          • memory/1060-63-0x0000000075C31000-0x0000000075C33000-memory.dmp