General

  • Target

    11e0213d37d8756cb1aba36ab6d02040fc013c910a9c362492af7bd436832b82

  • Size

    772KB

  • Sample

    220225-fypyjagbdk

  • MD5

    b2381cbba833ad4df70c1e0d8dd3a006

  • SHA1

    afa22f3d6334763ccadec9287c49825a6faf4261

  • SHA256

    11e0213d37d8756cb1aba36ab6d02040fc013c910a9c362492af7bd436832b82

  • SHA512

    bc298f07a600745dd575419ceaac681a6df741536aa888f54833dc3d694e1792b510e4865a31ca9d29394949eab42e944dbd97b7b82aaf14df3a65b71316b3d0

Malware Config

  • Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2

    47.36.140.164:80
    169.50.76.149:8080
    162.241.140.129:8080
    104.131.123.136:443
    95.213.236.64:8080
    130.0.132.242:80
    123.176.25.234:80
    46.105.131.79:8080
    157.245.99.39:8080
    79.98.24.39:8080
    49.50.209.131:80
    72.143.73.234:443
    50.91.114.38:80
    89.216.122.92:80
    5.39.91.110:7080
    121.124.124.40:7080
    71.72.196.159:80
    5.196.74.210:8080
    139.162.108.71:8080
    61.19.246.238:443

  • rsa_pubkey.plain

Targets

    • Target

      11e0213d37d8756cb1aba36ab6d02040fc013c910a9c362492af7bd436832b82

    • Size

      772KB

    • MD5

      b2381cbba833ad4df70c1e0d8dd3a006

    • SHA1

      afa22f3d6334763ccadec9287c49825a6faf4261

    • SHA256

      11e0213d37d8756cb1aba36ab6d02040fc013c910a9c362492af7bd436832b82

    • SHA512

      bc298f07a600745dd575419ceaac681a6df741536aa888f54833dc3d694e1792b510e4865a31ca9d29394949eab42e944dbd97b7b82aaf14df3a65b71316b3d0

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11

    • Emotet Payload

      Detects Emotet payload in memory.

    • Dave packer

      Detects executable using a packer named 'Dave' by the community, based on a string at the end.
