205f90e4f94db048a4f10d6f5d4a7ffe06c4f5fcfee42e6b62a83e77215011f0

General

Target: 205f90e4f94db048a4f10d6f5d4a7ffe06c4f5fcfee42e6b62a83e77215011f0
Size: 340KB
Sample: 211202-lbe3psdhdn
Score: 10/10
MD5: fd72b95e466340e12b3c490086991b92
SHA1: ba29620b0c204678801a0c11bdb59f4ab81a34a4
SHA256: 205f90e4f94db048a4f10d6f5d4a7ffe06c4f5fcfee42e6b62a83e77215011f0
SHA512: 8e09e01557f01001386594fb4c59d0d6cd09e3e94b10a0a319b5d16a637f3e2568b7ed743b478c8cfe78d8a3e4880e4de1245767bcc86e41d0697c9e29931f4a

Malware Config

Extracted

Family: emotet
Botnet: Epoch2
C2


rsa_pubkey.plain
Targets
Signatures

  • Emotet: Emotet is a trojan that is primarily spread through spam emails.

  • Blocklisted process makes network request

  • Drops file in System32 directory

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10