General
-
Target
1db8e58e7d8edf43d2be4907527355fa7202aab61755ef12c2e6b45f5fb62e21
-
Size
47KB
-
Sample
220521-w6hr7aecfm
-
MD5
5f1632b61f6b7b05e8da7abf6914c1cc
-
SHA1
fe9d7afd2346e5542b940954e63d48343e221331
-
SHA256
1db8e58e7d8edf43d2be4907527355fa7202aab61755ef12c2e6b45f5fb62e21
-
SHA512
3fa46f55402f1db93a7f79e91811400e71c84287656773ebd6eaa8399fd96cf9c549253f4e96ad1c105015edbc45a1f643a301313aecf1b82874b05b709f115f
Malware Config
Extracted
emotet
Epoch1
82.163.245.38:80
209.126.6.222:8080
5.153.250.14:8080
186.70.127.199:8090
190.128.173.10:80
190.195.129.227:8090
91.219.169.180:80
45.173.88.33:80
185.33.0.233:80
188.2.217.94:80
207.144.103.227:80
45.161.242.102:80
219.92.13.25:80
190.163.31.26:80
68.183.170.114:8080
191.99.160.58:80
73.213.208.163:80
94.176.234.118:443
104.131.41.185:8080
45.33.77.42:8080
Targets
-
-
Target
sample
-
Size
76KB
-
MD5
f7b4adb57e972cb9baa8127a6610c188
-
SHA1
6e4d4fd3a8d998df7235f480b95fa199dc5acc6f
-
SHA256
de4ade977ad4ff98b4e2cf26830ee5b9c810fa417fbc2fbeedb4a65bced5554d
-
SHA512
e20fac477b3af0882e3c19c8af7fa9d137afc8ed427ab3c76d61a760306ba189eea89b0c6633ff78badcb6179e9c3489e89f9035e996056c8ad8f93984c08206
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
-
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
-
Emotet Payload
Detects Emotet payload in memory.
-
Executes dropped EXE
-
Drops file in System32 directory
-