Resubmissions

02-12-2021 09:21

211202-lbe3psdhdn 10

22-01-2021 16:42

210122-a4q8jex6pn 1

General

  • Target

    205f90e4f94db048a4f10d6f5d4a7ffe06c4f5fcfee42e6b62a83e77215011f0

  • Size

    340KB

  • Sample

    211202-lbe3psdhdn

  • MD5

    fd72b95e466340e12b3c490086991b92

  • SHA1

    ba29620b0c204678801a0c11bdb59f4ab81a34a4

  • SHA256

    205f90e4f94db048a4f10d6f5d4a7ffe06c4f5fcfee42e6b62a83e77215011f0

  • SHA512

    8e09e01557f01001386594fb4c59d0d6cd09e3e94b10a0a319b5d16a637f3e2568b7ed743b478c8cfe78d8a3e4880e4de1245767bcc86e41d0697c9e29931f4a

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

69.38.130.14:80

195.159.28.230:8080

162.241.204.233:8080

115.21.224.117:80

78.189.148.42:80

181.165.68.127:80

78.188.225.105:80

161.0.153.60:80

89.106.251.163:80

172.125.40.123:80

5.39.91.110:7080

110.145.11.73:80

190.251.200.206:80

144.217.7.207:7080

75.109.111.18:80

75.177.207.146:80

139.59.60.244:8080

70.183.211.3:80

95.213.236.64:8080

61.19.246.238:443

rsa_pubkey.plain

Targets

    • Target

      205f90e4f94db048a4f10d6f5d4a7ffe06c4f5fcfee42e6b62a83e77215011f0

    • Size

      340KB

    • MD5

      fd72b95e466340e12b3c490086991b92

    • SHA1

      ba29620b0c204678801a0c11bdb59f4ab81a34a4

    • SHA256

      205f90e4f94db048a4f10d6f5d4a7ffe06c4f5fcfee42e6b62a83e77215011f0

    • SHA512

      8e09e01557f01001386594fb4c59d0d6cd09e3e94b10a0a319b5d16a637f3e2568b7ed743b478c8cfe78d8a3e4880e4de1245767bcc86e41d0697c9e29931f4a

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks