General
-
Target
f3a776d308604849545baceb828331a1f238ad312b742616783ca7f2b5f1a6f7
-
Size
47KB
-
Sample
220521-w5thaseccm
-
MD5
65cce55f50cc3fb1840679145e553823
-
SHA1
a8dceab7dea03ebeccf1af588ee407dae0163d82
-
SHA256
f3a776d308604849545baceb828331a1f238ad312b742616783ca7f2b5f1a6f7
-
SHA512
caf77a7ec501ac1dbfc2714a280bbc6be27120e736d50244b4fad24e11cfff5deb23eb1b3a9c4f4958a5765a45a933e4939925b3b4fa4cb45dae84f7fb1e39d3
Malware Config
Extracted
emotet
Epoch1
82.163.245.38:80
209.126.6.222:8080
5.153.250.14:8080
186.70.127.199:8090
190.128.173.10:80
190.195.129.227:8090
91.219.169.180:80
45.173.88.33:80
185.33.0.233:80
188.2.217.94:80
207.144.103.227:80
45.161.242.102:80
219.92.13.25:80
190.163.31.26:80
68.183.170.114:8080
191.99.160.58:80
73.213.208.163:80
94.176.234.118:443
104.131.41.185:8080
45.33.77.42:8080
Targets
-
-
Target
sample
-
Size
76KB
-
MD5
c4a270733902e2d467d43b8f9ae1eafa
-
SHA1
82add8c34fc524424150a63fe9028661080ed252
-
SHA256
334a1a583f8d82fd7acfa718db92a88bedb5cbbdd343dcfb7d1521e1d379bf2a
-
SHA512
26c61be11ab67575f5675557b93efbad83d9695d765bcc602ee2c441ca457824128df88c8a9bc74449d781b79fa2c7fdee6dd9d7b83aef53703b9970f54c8861
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
-
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
-
Emotet Payload
Detects Emotet payload in memory.
-
Executes dropped EXE
-
Drops file in System32 directory
-