aacc.exe

13-09-2021 08:58

210913-kxetdsgdhl 10

29-08-2021 16:43

210829-22h5adw62a 10

max time kernel154s
max time network156s
platformwindows7_x64
resourcewin7v20210408
submitted29-08-2021 16:43

Report
Files
Registry
Network
Processes
Mutex
Misc

Target

aacc.exe

Filesize

349KB

Completed

29-08-2021 16:45

Score

10^/10

MD5

f2f08b57e8914390f972abeeb1386ac5

SHA1

655a1a166fb756683d8b48068a1e2e002c64442d

SHA256

3838e56e07f1e8979726ed6b4039e4bddb7b90a3d9c41a229d03024921b8aa7f

Extracted

Family	emotet
Botnet	Epoch2
C2	115.94.207.99:443 5.196.108.185:8080 167.114.153.111:8080 87.106.136.232:8080 62.30.7.67:443 108.46.29.236:80 24.179.13.119:80 89.121.205.18:80 46.105.131.79:8080 173.63.222.65:80 174.45.13.118:80 216.139.123.119:80 172.91.208.86:80 155.186.9.160:80 96.245.227.43:80 102.182.93.220:80 24.230.141.169:80 104.131.123.136:443 104.131.11.150:443 203.153.216.189:7080 37.139.21.175:8080 94.230.70.6:80 194.187.133.160:443 50.91.114.38:80 118.83.154.64:443 78.24.219.147:8080 97.82.79.83:80 95.9.5.93:80 24.137.76.62:80 190.29.166.0:80 50.35.17.13:80 139.162.108.71:8080 50.245.107.73:443 98.174.164.72:80 49.3.224.99:8080 190.108.228.27:443 209.141.54.221:7080 61.19.246.238:443 76.175.162.101:80 5.39.91.110:7080 87.106.139.101:8080 72.143.73.234:443 110.142.236.207:80 190.240.194.77:443 74.208.45.104:8080 113.61.66.94:80 103.86.49.11:8080 181.126.74.180:80 121.7.31.214:80 209.54.13.14:80 153.164.70.236:80 186.70.56.94:443 186.74.215.34:80 91.211.88.52:7080 47.144.21.12:443 202.141.243.254:443 68.252.26.78:80 71.15.245.148:8080 188.219.31.12:80 104.131.44.150:8080 174.106.122.139:80 49.50.209.131:80 66.76.12.94:8080 123.176.25.234:80 123.142.37.166:80 218.147.193.146:80 91.146.156.228:80 139.99.158.11:443 69.206.132.149:80 120.150.60.189:80 85.105.111.166:80 94.200.114.161:80 185.94.252.104:443 89.216.122.92:80 62.75.141.82:80 208.180.207.205:80 162.241.140.129:8080 109.74.5.95:8080 75.139.38.211:80 95.213.236.64:8080 220.245.198.194:80 139.59.60.244:8080 130.0.132.242:80 78.188.106.53:443 71.72.196.159:80 110.145.77.103:80 83.110.223.58:443 139.162.60.124:8080 176.111.60.55:8080 94.23.237.171:443 37.187.72.193:8080 47.36.140.164:80 124.41.215.226:80 121.124.124.40:7080 120.150.218.241:443 61.33.119.226:443 137.59.187.107:8080 157.245.99.39:8080 75.143.247.51:80 172.104.97.173:8080 184.180.181.202:80 75.188.96.231:80 79.137.83.50:443 142.112.10.95:20 76.171.227.238:80 162.241.242.173:8080 168.235.67.138:7080 93.147.212.206:80 74.214.230.200:80 194.4.58.192:7080 80.241.255.202:8080 115.94.207.99:443 5.196.108.185:8080 167.114.153.111:8080 87.106.136.232:8080 62.30.7.67:443 108.46.29.236:80 24.179.13.119:80 89.121.205.18:80 46.105.131.79:8080 173.63.222.65:80 174.45.13.118:80 216.139.123.119:80 172.91.208.86:80 155.186.9.160:80 96.245.227.43:80 102.182.93.220:80 24.230.141.169:80 104.131.123.136:443 104.131.11.150:443 203.153.216.189:7080 37.139.21.175:8080 94.230.70.6:80 194.187.133.160:443 50.91.114.38:80 118.83.154.64:443 78.24.219.147:8080 97.82.79.83:80 95.9.5.93:80 24.137.76.62:80 190.29.166.0:80 50.35.17.13:80 139.162.108.71:8080 50.245.107.73:443 98.174.164.72:80 49.3.224.99:8080 190.108.228.27:443 209.141.54.221:7080 61.19.246.238:443 76.175.162.101:80 5.39.91.110:7080 87.106.139.101:8080 72.143.73.234:443 110.142.236.207:80 190.240.194.77:443 74.208.45.104:8080 113.61.66.94:80 103.86.49.11:8080 181.126.74.180:80 121.7.31.214:80 209.54.13.14:80 153.164.70.236:80 186.70.56.94:443 186.74.215.34:80 91.211.88.52:7080 47.144.21.12:443 202.141.243.254:443 68.252.26.78:80 71.15.245.148:8080 188.219.31.12:80 104.131.44.150:8080 174.106.122.139:80 49.50.209.131:80 66.76.12.94:8080 123.176.25.234:80 123.142.37.166:80 218.147.193.146:80 91.146.156.228:80 139.99.158.11:443 69.206.132.149:80 120.150.60.189:80 85.105.111.166:80 94.200.114.161:80 185.94.252.104:443 89.216.122.92:80 62.75.141.82:80 208.180.207.205:80 162.241.140.129:8080 109.74.5.95:8080 75.139.38.211:80 95.213.236.64:8080 220.245.198.194:80 139.59.60.244:8080 130.0.132.242:80 78.188.106.53:443 71.72.196.159:80 110.145.77.103:80 83.110.223.58:443 139.162.60.124:8080 176.111.60.55:8080 94.23.237.171:443 37.187.72.193:8080 47.36.140.164:80 124.41.215.226:80 121.124.124.40:7080 120.150.218.241:443 61.33.119.226:443 137.59.187.107:8080 157.245.99.39:8080 75.143.247.51:80 172.104.97.173:8080 184.180.181.202:80 75.188.96.231:80 79.137.83.50:443 142.112.10.95:20 76.171.227.238:80 162.241.242.173:8080 168.235.67.138:7080 93.147.212.206:80 74.214.230.200:80 194.4.58.192:7080 80.241.255.202:8080
rsa_pubkey.plain

Emotet

Description

Emotet is a trojan that is primarily spread through spam emails.

Tags

trojan banker emotet
Emotet Payload

Description

Detects Emotet payload in memory.

Reported IOCs

resource yara_rule

behavioral1/memory/1060-60-0x0000000000400000-0x0000000000459000-memory.dmp emotet
Suspicious behavior: EnumeratesProcesses
aacc.exe

Reported IOCs

pid process

1060 aacc.exe
1060 aacc.exe
1060 aacc.exe
1060 aacc.exe
1060 aacc.exe
1060 aacc.exe
1060 aacc.exe
1060 aacc.exe

resource	yara_rule
behavioral1/memory/1060-60-0x0000000000400000-0x0000000000459000-memory.dmp	emotet

pid	process
1060	aacc.exe
1060	aacc.exe
1060	aacc.exe
1060	aacc.exe
1060	aacc.exe
1060	aacc.exe
1060	aacc.exe
1060	aacc.exe

C:\Users\Admin\AppData\Local\Temp\aacc.exe

"C:\Users\Admin\AppData\Local\Temp\aacc.exe"

Suspicious behavior: EnumeratesProcesses

PID:1060

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

00:00 00:00

memory/1060-60-0x0000000000400000-0x0000000000459000-memory.dmp

Download
memory/1060-62-0x0000000000410000-0x0000000000459000-memory.dmp

Download
memory/1060-63-0x0000000075C31000-0x0000000075C33000-memory.dmp

Download

aacc.exe

Extracted

Filter: none

Description

Tags

Description

Reported IOCs

Reported IOCs

Title