Overview

overview

10

Static

static

caaaafe53a...3f.dll

windows7_x64

10

caaaafe53a...3f.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    caaaafe53a73a297db132357ed69fa2a9489bbdc134aeded11b7eb59a217c63f

  • Size

    219KB

  • Sample

    220317-ww5tzaeahj

  • MD5

    4568aa57fc74251221606f177b84da28

  • SHA1

    a92a66210adfb27ccfeeef1dda1aa714fe51241d

  • SHA256

    caaaafe53a73a297db132357ed69fa2a9489bbdc134aeded11b7eb59a217c63f

  • SHA512

    674b0c658985c912fd7b96983cf8dae4cdc9b9fb63a646de55abdf9a84d2fad942f255b802b620cb7f3b4eebbc7b7d5c7c495fc72903c03bffa9cc7ec603f36a

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

173.70.61.180:80

59.21.235.119:80

50.116.111.59:8080

173.249.20.233:443

188.165.214.98:8080

72.188.173.74:80

74.40.205.197:443

64.207.182.168:8080

97.120.3.198:80

190.29.166.0:80

123.176.25.234:80

155.186.9.160:80

138.68.87.218:443

139.99.158.11:443

78.24.219.147:8080

58.1.242.115:80

108.21.72.56:443

188.219.31.12:80

70.180.33.202:80

181.171.209.241:443
rsa_pubkey.plain

Targets

    • Target

      caaaafe53a73a297db132357ed69fa2a9489bbdc134aeded11b7eb59a217c63f

    • Size

      219KB

    • MD5

      4568aa57fc74251221606f177b84da28

    • SHA1

      a92a66210adfb27ccfeeef1dda1aa714fe51241d

    • SHA256

      caaaafe53a73a297db132357ed69fa2a9489bbdc134aeded11b7eb59a217c63f

    • SHA512

      674b0c658985c912fd7b96983cf8dae4cdc9b9fb63a646de55abdf9a84d2fad942f255b802b620cb7f3b4eebbc7b7d5c7c495fc72903c03bffa9cc7ec603f36a

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Emotet3

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks