Resubmissions

13-09-2021 08:58

210913-kxetdsgdhl 10

29-08-2021 16:43

210829-22h5adw62a 10

Analysis

  • max time kernel
    1778s
  • max time network
    1788s
  • platform
    windows7_x64
  • resource
    win7-en
  • submitted
    13-09-2021 08:58

General

  • Target

    aacc.exe

  • Size

    349KB

  • MD5

    f2f08b57e8914390f972abeeb1386ac5

  • SHA1

    655a1a166fb756683d8b48068a1e2e002c64442d

  • SHA256

    3838e56e07f1e8979726ed6b4039e4bddb7b90a3d9c41a229d03024921b8aa7f

  • SHA512

    7dfe1fb09fa26d8042c6c8c530bc9da7fc031b5543a2a5069a6f607042b192911f5bc9fab95a34b4ab72a501f552ff5fd20742c2cfeea6594c8a4036573c9355

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

115.94.207.99:443

5.196.108.185:8080

167.114.153.111:8080

87.106.136.232:8080

62.30.7.67:443

108.46.29.236:80

24.179.13.119:80

89.121.205.18:80

46.105.131.79:8080

173.63.222.65:80

174.45.13.118:80

216.139.123.119:80

172.91.208.86:80

155.186.9.160:80

96.245.227.43:80

102.182.93.220:80

24.230.141.169:80

104.131.123.136:443

104.131.11.150:443

203.153.216.189:7080

rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet Payload 1 IoCs

    Detects Emotet payload in memory.

  • Suspicious behavior: EnumeratesProcesses 49 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aacc.exe
    "C:\Users\Admin\AppData\Local\Temp\aacc.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1936-53-0x0000000000190000-0x00000000001E9000-memory.dmp
    Filesize

    356KB

  • memory/1936-55-0x00000000001A0000-0x00000000001E9000-memory.dmp
    Filesize

    292KB

  • memory/1936-56-0x00000000758D1000-0x00000000758D3000-memory.dmp
    Filesize

    8KB