Overview

overview

10

Static

static

NTn5cqpa.dll

windows7_x64

10

NTn5cqpa.dll

windows10-2004_x64

10

r5t3fovxD.dll

windows7_x64

10

r5t3fovxD.dll

windows10-2004_x64

10

wTX6pg5eI.dll

windows7_x64

10

wTX6pg5eI.dll

windows10-2004_x64

1

Resubmissions

18-01-2022 01:59

220118-ceefxafch7 1

18-01-2022 01:25

220118-bszhkafad6 10

12-01-2022 19:02

220112-xptnssdgap 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    emotet.zip

  • Size

    862KB

  • Sample

    220118-bszhkafad6

  • MD5

    f659a2db24ef328a3fdde0229195236a

  • SHA1

    252408e9cb20e9c3aa4f3dc2b3b1ed8ea3231f51

  • SHA256

    dc2b36a39e44ba8371e137d53dcfe7af346a4da6be4ec5531ef0ef2cb2f3c922

  • SHA512

    b3a487731ed1710e7dc405b27e1f1a1f432babd141dffff6747b4c1569821fcef2e5a892fdbe631163dba2f0f80ca1343bb642797714f6f4b4fe739994d06d31

Score
10/10
emotetepoch5bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

45.138.98.34:80

69.16.218.101:8080

51.210.242.234:8080

185.148.168.220:8080

142.4.219.173:8080

54.38.242.185:443

191.252.103.16:80

104.131.62.48:8080

62.171.178.147:8080

217.182.143.207:443

168.197.250.14:80

37.44.244.177:8080

66.42.57.149:443

210.57.209.142:8080

159.69.237.188:443

116.124.128.206:8080

128.199.192.135:8080

195.154.146.35:443

185.148.168.15:8080

195.77.239.39:8080
eck1.plain
ecs1.plain

Targets

    • Target

      NTn5cqpa.dll

    • Size

      470KB

    • MD5

      e4b28480c44a175190085a79e50aa56c

    • SHA1

      3e43969468de455940920664b28cc0c8139924b6

    • SHA256

      c60f319790c8cf0b2f39046c789428771ed2bf8f4c108d9b6e9c9bf024efd3c2

    • SHA512

      2dfaa66429f27de1a8b86e693f2776eae593b671d1ae385ed3389e7ff528b4582e6a6695474123febfc34749c9aa2308c2b90b5c43bd41cd1d88a5e0a4b12964

    Score
    10/10
    emotetepoch5bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral1behavioral2

    • Target

      r5t3fovxD.dll

    • Size

      470KB

    • MD5

      3eed9d1f62e0ae2678a708e9aaea2e83

    • SHA1

      a30470351ad507f1bf12d11e7c6008f2e821cd98

    • SHA256

      da9365e086fb31ed7d832365cf96ffd2697d47f12deb8bf34bd5b1a50870299e

    • SHA512

      334a23dca68b451c213c74ff0b8363dafd6de8ac0807999b11c60b00e889f19312629ad842d1a0f3f2c7a65465522905155303055a7ab18709b8d9a4ac781551

    Score
    10/10
    emotetepoch5bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral3behavioral4

    • Target

      wTX6pg5eI.dll

    • Size

      470KB

    • MD5

      d7558151521bffa1c84e558f961eed25

    • SHA1

      6ff24d8068ecfe17154c7a9d60acb34e8c3af75e

    • SHA256

      da7fa800740b478f03c7d6b4be655eaaa52b7607a16491f7c0b34da214d08fc4

    • SHA512

      f0a9a98542551b6138cd6e05140ca491e4e2990ae55ee97fbdcedc8fd8c4dfa671b00340e9753c536b614f2b909c14769f7d10cbf0fba03183fbf8a6f6f35779

    Score
    10/10
    emotetepoch5bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks