e0ff6c10a2da6041b7e95a2de568382c964dd452130a1eb623fae64c7f480ba6

General

Target: e0ff6c10a2da6041b7e95a2de568382c964dd452130a1eb623fae64c7f480ba6
Size: 744KB
Sample: 210913-hemeeagahq
Score: 10/10
MD5: 307f1a3b77cec85ddc3597ac97095cb7
SHA1: 08311ddf8d849761f535f4b6d083076ed4c083bb
SHA256: e0ff6c10a2da6041b7e95a2de568382c964dd452130a1eb623fae64c7f480ba6
SHA512: 0b947588335fc4662deedeca39e5378701d90ee6e18213f9e5d12dfc196497fbe3f1b6cbc44f81389765179b781bf11d3f430c099c4774c5c76756523a4d8d79

Malware Config

Extracted

Family: emotet
Botnet: Epoch2
C2 (ip:port):

  • 71.208.216.10:80
  • 212.51.142.238:8080
  • 5.39.91.110:7080
  • 109.74.5.95:8080
  • 121.124.124.40:7080
  • 139.130.242.43:80
  • 162.241.92.219:8080
  • 93.156.165.186:80
  • 203.153.216.189:7080
  • 169.239.182.217:8080
  • 78.189.165.52:8080
  • 37.187.72.193:8080
  • 110.145.77.103:80
  • 190.144.18.198:80
  • 209.182.216.177:443
  • 74.208.45.104:8080
  • 209.141.54.221:8080
  • 190.160.53.126:80
  • 87.106.139.101:8080
  • 176.111.60.55:8080
  • 162.154.38.103:80
  • 70.167.215.250:8080
  • 95.179.229.244:8080
  • 153.126.210.205:7080
  • 91.231.166.124:8080
  • 79.98.24.39:8080
  • 173.91.22.41:80
  • 210.165.156.91:80
  • 91.205.215.66:443
  • 108.48.41.69:80
  • 189.212.199.126:443
  • 61.19.246.238:443
  • 168.235.67.138:7080
  • 104.131.44.150:8080
  • 24.1.189.87:8080
  • 109.117.53.230:443
  • 104.236.246.93:8080
  • 79.7.158.208:80
  • 91.211.88.52:7080
  • 222.214.218.37:4143
  • 180.92.239.110:8080
  • 81.2.235.111:8080
  • 41.60.200.34:80
  • 200.41.121.90:80
  • 75.139.38.211:80
  • 157.245.99.39:8080
  • 137.59.187.107:8080
  • 185.94.252.104:443
  • 108.26.231.214:80
  • 5.196.74.210:8080

rsa_pubkey.plain
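The extracted config above is the part of this report a defender actually consumes: 50 ip:port pairs that the sample will try in turn. The following is an added example (not code from the sandbox report or from any Emotet tooling) that parses and sanity-checks those entries, matches constructed Zeek conn.log-style records against them, and emits local Suricata rules. The log records, the field layout and the SID range are assumptions made for the illustration; only the C2 list itself comes from the page.

```python
"""Operationalise the Emotet Epoch2 C2 list extracted above.

Added example, not part of the sandbox report. Everything except the C2
entries (log lines, field layout, SID base) is assumed for illustration.
"""
import ipaddress

# All 50 C2 entries copied verbatim from the "Malware Config" section above.
EXTRACTED_C2 = """
71.208.216.10:80 212.51.142.238:8080 5.39.91.110:7080 109.74.5.95:8080
121.124.124.40:7080 139.130.242.43:80 162.241.92.219:8080 93.156.165.186:80
203.153.216.189:7080 169.239.182.217:8080 78.189.165.52:8080 37.187.72.193:8080
110.145.77.103:80 190.144.18.198:80 209.182.216.177:443 74.208.45.104:8080
209.141.54.221:8080 190.160.53.126:80 87.106.139.101:8080 176.111.60.55:8080
162.154.38.103:80 70.167.215.250:8080 95.179.229.244:8080 153.126.210.205:7080
91.231.166.124:8080 79.98.24.39:8080 173.91.22.41:80 210.165.156.91:80
91.205.215.66:443 108.48.41.69:80 189.212.199.126:443 61.19.246.238:443
168.235.67.138:7080 104.131.44.150:8080 24.1.189.87:8080 109.117.53.230:443
104.236.246.93:8080 79.7.158.208:80 91.211.88.52:7080 222.214.218.37:4143
180.92.239.110:8080 81.2.235.111:8080 41.60.200.34:80 200.41.121.90:80
75.139.38.211:80 157.245.99.39:8080 137.59.187.107:8080 185.94.252.104:443
108.26.231.214:80 5.196.74.210:8080
"""


def parse_c2(text):
    """Return sorted, de-duplicated (ip, port) tuples.

    Anything that is not a public IPv4 address with a valid port raises, so a
    typo or a pasted private range cannot silently become a blocklist hole or
    a self-inflicted outage.
    """
    entries = set()
    for token in text.split():
        ip_str, sep, port_str = token.rpartition(":")
        if not sep or not port_str.isdigit():
            raise ValueError(f"malformed C2 entry {token!r}")
        ip = ipaddress.ip_address(ip_str)  # raises ValueError on garbage
        port = int(port_str)
        if ip.version != 4 or not ip.is_global or not 0 < port < 65536:
            raise ValueError(f"rejecting C2 entry {token!r}")
        entries.add((str(ip), port))
    return sorted(entries)


def accepts(token):
    """True if parse_c2 would accept a single entry (handy for checks)."""
    try:
        parse_c2(token)
        return True
    except ValueError:
        return False


C2 = parse_c2(EXTRACTED_C2)
C2_PAIRS = set(C2)
C2_IPS = {ip for ip, _ in C2}

# Constructed Zeek conn.log-style records (tab separated, fields as in the
# header line). 10.0.0.0/8 and 203.0.113.0/24 are private/documentation
# space; none of these records come from the sandbox run.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1631527001.1\tCabc1\t10.0.0.15\t49713\t212.51.142.238\t8080\ttcp",
    "1631527002.2\tCabc2\t10.0.0.15\t49714\t203.0.113.10\t443\ttcp",
    "1631527003.3\tCabc3\t10.0.0.22\t49800\t91.205.215.66\t80\ttcp",
    "1631527004.4\tCabc4\t10.0.0.22\t49801\t222.214.218.37\t4143\ttcp",
]


def match_conn_log(lines, ip_only_too=False):
    """Return (line_no, resp_h, resp_p, exact) for connections to a known C2.

    exact=True means ip AND port matched the extracted config. With
    ip_only_too=True a C2 IP seen on another port is also returned with
    exact=False: worth triage, because operators re-use compromised hosts,
    but also where shared hosting produces false positives.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        resp_h, resp_p = f[4], int(f[5])
        if (resp_h, resp_p) in C2_PAIRS:
            hits.append((n, resp_h, resp_p, True))
        elif ip_only_too and resp_h in C2_IPS:
            hits.append((n, resp_h, resp_p, False))
    return hits


def suricata_rules(base_sid=1000000):
    """One rule per ip:port pair. SIDs 1000000-1999999 are the range usually
    kept for local rules; the exact base_sid is still an assumption."""
    rules = []
    for i, (ip, port) in enumerate(C2):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"LOCAL Emotet Epoch2 C2 {ip}:{port} from sandbox extract"; '
            f"flow:to_server; classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    for hit in match_conn_log(SAMPLE_CONN_LOG, ip_only_too=True):
        print(hit)
    print("\n".join(suricata_rules()[:3]))
```

Two caveats when using this for real: most of these addresses are compromised hosts on residential or small-business lines that rotate quickly, so attach an expiry to anything you block, and alert on the exact ip:port pair (the `exact=True` hits) before treating IP-only matches as confirmed.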
Targets

Target: e0ff6c10a2da6041b7e95a2de568382c964dd452130a1eb623fae64c7f480ba6
Filesize: 744KB
Score: 10/10
MD5: 307f1a3b77cec85ddc3597ac97095cb7
SHA1: 08311ddf8d849761f535f4b6d083076ed4c083bb
SHA256: e0ff6c10a2da6041b7e95a2de568382c964dd452130a1eb623fae64c7f480ba6
SHA512: 0b947588335fc4662deedeca39e5378701d90ee6e18213f9e5d12dfc196497fbe3f1b6cbc44f81389765179b781bf11d3f430c099c4774c5c76756523a4d8d79

Signatures

  • Emotet
    Description: Emotet is a trojan that is primarily spread through spam emails.

  • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
    Description: suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8

  • Emotet Payload
    Description: Detects Emotet payload in memory.


MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques are listed under any column on this page)

Tasks

  • static1
  • behavioral1

Score: 10/10