Overview

overview

10

Static

static

10

bf37527c52...46.exe

windows7_x64

3

bf37527c52...46.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf37527c525f1fa0ce174a7cb1d823d16236a4d52fd4e4cb4c0b1ab8c4529146

  • Size

    341KB

  • Sample

    220215-zjrclabcdj

  • MD5

    268104622c89c7a922ae0972b94f45e1

  • SHA1

    dce92981da80ea6884155206f4923e4635feaabd

  • SHA256

    bf37527c525f1fa0ce174a7cb1d823d16236a4d52fd4e4cb4c0b1ab8c4529146

  • SHA512

    27a01c7f7f00533d60d5bd54523a14fefbe96f1f824e5c20d44ba547d74aeb8791b2169a41f183c026cc2ec39576d0b4e612d2d85a030e3ff9c5af42ecc34811

Score
10/10
emotetepoch2

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

102.182.145.130:80

173.173.254.105:80

64.207.182.168:8080

51.89.199.141:8080

167.114.153.111:8080

173.63.222.65:80

218.147.193.146:80

59.125.219.109:443

172.104.97.173:8080

190.162.215.233:80

68.115.186.26:80

78.188.106.53:443

190.240.194.77:443

24.133.106.23:80

80.227.52.78:80

79.137.83.50:443

120.150.218.241:443

62.171.142.179:8080

194.4.58.192:7080

62.30.7.67:443
rsa_pubkey.plain

Targets

    • Target

      bf37527c525f1fa0ce174a7cb1d823d16236a4d52fd4e4cb4c0b1ab8c4529146

    • Size

      341KB

    • MD5

      268104622c89c7a922ae0972b94f45e1

    • SHA1

      dce92981da80ea6884155206f4923e4635feaabd

    • SHA256

      bf37527c525f1fa0ce174a7cb1d823d16236a4d52fd4e4cb4c0b1ab8c4529146

    • SHA512

      27a01c7f7f00533d60d5bd54523a14fefbe96f1f824e5c20d44ba547d74aeb8791b2169a41f183c026cc2ec39576d0b4e612d2d85a030e3ff9c5af42ecc34811

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks