aacc.exe

General
Target

aacc.exe

Filesize

349KB

Completed

13-09-2021 09:28

Score
10/10
MD5

f2f08b57e8914390f972abeeb1386ac5

SHA1

655a1a166fb756683d8b48068a1e2e002c64442d

SHA256

3838e56e07f1e8979726ed6b4039e4bddb7b90a3d9c41a229d03024921b8aa7f

Malware Config

Extracted

Family emotet
Botnet Epoch2
C2

rsa_pubkey.plain
Signatures 3

  • Emotet

    Description

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet Payload

    Description

    Detects Emotet payload in memory.

    Reported IOCs

    resource: behavioral1/memory/1936-53-0x0000000000190000-0x00000000001E9000-memory.dmp
    yara_rule: emotet
  • Suspicious behavior: EnumeratesProcesses
    aacc.exe

    Reported IOCs

    pid     process
    1936    aacc.exe
Processes 1
  • C:\Users\Admin\AppData\Local\Temp\aacc.exe
    "C:\Users\Admin\AppData\Local\Temp\aacc.exe"
    Suspicious behavior: EnumeratesProcesses
    PID:1936
Network
MITRE ATT&CK Matrix
Downloads
  • memory/1936-53-0x0000000000190000-0x00000000001E9000-memory.dmp
  • memory/1936-55-0x00000000001A0000-0x00000000001E9000-memory.dmp
  • memory/1936-56-0x00000000758D1000-0x00000000758D3000-memory.dmp