General

  • Target

    e5-eca8310649c37777dbbb79926e00a128.dll

  • Size

    420KB

  • Sample

    220405-z38qzsgfbq

  • MD5

    eca8310649c37777dbbb79926e00a128

  • SHA1

    430054a3c161b434b9247d843398411c4023ed84

  • SHA256

    55bd39ed957ebc1545c4ba8a685ecd7a934063bad4345fc69ab82d7b24335d8a

  • SHA512

    2f5cc0fa915c3f15516db4e57c8f15f338775f1b6015cb92de3944488a422d36ed3917340bdd1987517cdb612d227c7e1aba5980012f176ca0a743a9d2131bed

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

5.189.160.61:443

94.177.178.26:8080

202.29.239.162:443

54.38.143.246:7080

119.59.125.140:8080

185.148.168.15:8080

188.166.229.148:443

2.58.16.87:8080

104.131.62.48:8080

103.82.248.59:7080

37.59.209.141:8080

103.133.214.242:8080

195.77.239.39:8080

128.199.192.135:8080

78.47.204.80:443

59.148.253.194:443

87.106.97.83:7080

45.71.195.104:8080

85.214.67.203:8080

139.196.72.155:8080

eck1.plain
ecs1.plain

Targets

    • Target

      e5-eca8310649c37777dbbb79926e00a128.dll

    • Size

      420KB

    • MD5

      eca8310649c37777dbbb79926e00a128

    • SHA1

      430054a3c161b434b9247d843398411c4023ed84

    • SHA256

      55bd39ed957ebc1545c4ba8a685ecd7a934063bad4345fc69ab82d7b24335d8a

    • SHA512

      2f5cc0fa915c3f15516db4e57c8f15f338775f1b6015cb92de3944488a422d36ed3917340bdd1987517cdb612d227c7e1aba5980012f176ca0a743a9d2131bed

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation