General

  • Target

    85041bd519680b653c8a44c704db4906b0e4d99f5947c3ed209765b4f02cc27c

  • Size

    356KB

  • Sample

    220302-gmetvsdcg4

  • MD5

    709e3512ad4e3520bc90bd78546fd706

  • SHA1

    638b52a7515e01326fa216a57118785ee1668819

  • SHA256

    85041bd519680b653c8a44c704db4906b0e4d99f5947c3ed209765b4f02cc27c

  • SHA512

    b1ebe1bbc96321e563063c740f3a869bd82f7f7dc4982dffb62f59d6beb7391339466b934248c5a2b55c2a1735acc2b75b2f02df521caa29b45ce6cfb705e83c

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

102.182.145.130:80

173.173.254.105:80

64.207.182.168:8080

51.89.199.141:8080

167.114.153.111:8080

173.63.222.65:80

218.147.193.146:80

59.125.219.109:443

172.104.97.173:8080

190.162.215.233:80

68.115.186.26:80

78.188.106.53:443

190.240.194.77:443

24.133.106.23:80

80.227.52.78:80

79.137.83.50:443

120.150.218.241:443

62.171.142.179:8080

194.4.58.192:7080

62.30.7.67:443

rsa_pubkey.plain

Targets

    • Target

      85041bd519680b653c8a44c704db4906b0e4d99f5947c3ed209765b4f02cc27c

    • Size

      356KB

    • MD5

      709e3512ad4e3520bc90bd78546fd706

    • SHA1

      638b52a7515e01326fa216a57118785ee1668819

    • SHA256

      85041bd519680b653c8a44c704db4906b0e4d99f5947c3ed209765b4f02cc27c

    • SHA512

      b1ebe1bbc96321e563063c740f3a869bd82f7f7dc4982dffb62f59d6beb7391339466b934248c5a2b55c2a1735acc2b75b2f02df521caa29b45ce6cfb705e83c

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet Payload

      Detects Emotet payload in memory.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks