6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c

General
Target

6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c

Size

648KB

Sample

210913-krwvqagdfp

Score
10/10
MD5

16bcd0a10f1a57d1194165dc42fab16f

SHA1

71d05db8382ea1954bcebea4229b6bfddb78c5cb

SHA256

6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c

SHA512

9c85849680ab5ffd5acf21709f7723b4d13e35c3002a9952e16ab21458f32dd2bf3942d23d996c9020b574881d0a3eb6a4fb6ab4a9743b405433d31cbffa82c7

Malware Config

Extracted

Family emotet
Botnet Epoch2
C2

162.154.38.103:80

95.216.118.202:8080

60.250.78.22:443

120.151.135.224:80

101.187.97.173:80

185.94.252.104:443

168.235.67.138:7080

103.86.49.11:8080

92.222.216.44:8080

190.160.53.126:80

31.31.77.83:443

195.244.215.206:80

5.196.74.210:8080

79.45.112.220:80

41.60.200.34:80

95.213.236.64:8080

5.39.91.110:7080

58.171.38.26:80

209.151.248.242:8080

178.20.74.212:80

210.56.10.58:80

62.138.26.28:8080

176.111.60.55:8080

104.131.44.150:8080

62.75.141.82:80

169.239.182.217:8080

23.92.16.164:8080

68.44.137.144:443

177.230.81.0:22

160.16.215.66:8080

95.128.43.213:8080

176.9.43.37:8080

110.145.77.103:80

91.205.215.66:443

104.236.246.93:8080

78.24.219.147:8080

37.187.72.193:8080

153.133.224.78:80

82.223.70.24:8080

113.160.130.116:8443

84.21.179.51:80

62.75.187.192:8080

59.20.65.102:80

200.41.121.90:80

104.131.11.150:443

87.106.139.101:8080

201.173.217.124:443

78.189.165.52:8080

74.208.45.104:8080

24.94.237.248:80

rsa_pubkey.plain
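The C2 list above is the actionable part of this report. What follows is an added example, not part of the sandbox output, that parses those extracted host:port pairs (copied verbatim from the Malware Config section), validates them, profiles the port mix, checks connection-log lines against them, and emits Suricata rules. The log line layout (src=/dst=/dport= fields), the sample log lines themselves, and the local sid range are assumptions constructed for the demonstration; the C2 endpoints are the report's.

```python
"""Turn the extracted Emotet Epoch2 C2 list into a connection-log check and Suricata rules.

Added example for this report, not part of the sandbox output. The endpoints are
copied from the "Malware Config" section; log lines and field names are constructed.
"""
import ipaddress
import re
from collections import Counter

# The 50 host:port pairs extracted from the sample, in the order the report lists them.
C2_CONFIG = """
162.154.38.103:80 95.216.118.202:8080 60.250.78.22:443 120.151.135.224:80
101.187.97.173:80 185.94.252.104:443 168.235.67.138:7080 103.86.49.11:8080
92.222.216.44:8080 190.160.53.126:80 31.31.77.83:443 195.244.215.206:80
5.196.74.210:8080 79.45.112.220:80 41.60.200.34:80 95.213.236.64:8080
5.39.91.110:7080 58.171.38.26:80 209.151.248.242:8080 178.20.74.212:80
210.56.10.58:80 62.138.26.28:8080 176.111.60.55:8080 104.131.44.150:8080
62.75.141.82:80 169.239.182.217:8080 23.92.16.164:8080 68.44.137.144:443
177.230.81.0:22 160.16.215.66:8080 95.128.43.213:8080 176.9.43.37:8080
110.145.77.103:80 91.205.215.66:443 104.236.246.93:8080 78.24.219.147:8080
37.187.72.193:8080 153.133.224.78:80 82.223.70.24:8080 113.160.130.116:8443
84.21.179.51:80 62.75.187.192:8080 59.20.65.102:80 200.41.121.90:80
104.131.11.150:443 87.106.139.101:8080 201.173.217.124:443 78.189.165.52:8080
74.208.45.104:8080 24.94.237.248:80
"""

# Constructed firewall/netflow lines for the demonstration (not from the report).
SAMPLE_LOG = [
    "ts=10:02:11 src=10.0.0.25 dst=95.216.118.202 dport=8080 proto=tcp",
    "ts=10:02:13 src=10.0.0.25 dst=198.51.100.7 dport=443 proto=tcp",
    "ts=10:03:40 src=10.0.0.31 dst=177.230.81.0 dport=22 proto=tcp",
    "ts=10:04:02 src=10.0.0.31 dst=104.131.44.150 dport=443 proto=tcp",
    "ts=10:04:05 src=10.0.0.40 dst=203.0.113.9 dport=80 proto=tcp",
    "garbage line that does not parse",
]
LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_c2_config(text: str) -> set[tuple[str, int]]:
    """Whitespace-separated host:port tokens -> {(ip, port)}.

    Anything that is not a valid IPv4 address with a 1-65535 port is skipped, so a
    mangled token never becomes a half-usable indicator.
    """
    endpoints = set()
    for token in text.split():
        host, sep, port = token.rpartition(":")
        if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
            continue
        try:
            ipaddress.IPv4Address(host)
        except ipaddress.AddressValueError:
            continue
        endpoints.add((host, int(port)))
    return endpoints


def port_profile(endpoints) -> Counter:
    """Endpoints per destination port; shows why blocking by port alone is useless here."""
    return Counter(port for _, port in endpoints)


def match_connections(log_lines, endpoints):
    """Return (line_no, src, dst, dport, confidence) for traffic towards C2 hosts.

    Exact (ip, port) hits are 'high'. IP-only hits are 'medium': Emotet C2s are often
    compromised servers that also carry legitimate traffic, so review before blocking.
    """
    c2_ips = {ip for ip, _ in endpoints}
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = LOG_RE.search(line)
        if m is None:
            continue  # unparseable line: skip, never guess a destination
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in endpoints:
            hits.append((no, m["src"], dst, dport, "high"))
        elif dst in c2_ips:
            hits.append((no, m["src"], dst, dport, "medium"))
    return hits


def to_suricata_rules(endpoints, base_sid: int = 1000001) -> list[str]:
    """One alert rule per endpoint; sids start in the local-use range (>= 1000000)."""
    ordered = sorted(endpoints, key=lambda e: (ipaddress.IPv4Address(e[0]), e[1]))
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} (msg:"Emotet Epoch2 C2 contact '
        f'{ip}:{port}"; flow:to_server; sid:{sid}; rev:1;)'
        for sid, (ip, port) in enumerate(ordered, base_sid)
    ]


if __name__ == "__main__":
    c2 = parse_c2_config(C2_CONFIG)
    print(f"{len(c2)} C2 endpoints, per port: {dict(port_profile(c2))}")
    for hit in match_connections(SAMPLE_LOG, c2):
        print("line %d: %s -> %s:%d (%s confidence)" % hit)
    print(to_suricata_rules(c2)[0])
```

Two caveats follow directly from the data. The list spans ports 80, 443, 7080, 8080, 8443 and one entry on 22 (177.230.81.0:22), so matching is on the ip:port pair and a port-based rule would miss most of it; and an Emotet C2 list is baked into a specific build and largely made up of compromised hosts that get cleaned or rotated, so these indicators lose value over time and an IP-only hit deserves a look rather than an automatic block.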
Targets
Target

6b822efac2de6532c4d638c11002382704e6ce27c2549667abe0ca3cf047b56c

Signatures

  • Emotet

    Description

    Emotet is a modular trojan and malware loader that is primarily spread through malicious spam e-mail attachments.

  • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8

    Description

    Emerging Threats network rule matching the HTTP POST command-and-control beacon observed during the behavioral run.
MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10