4579bca4d958f8aef3cb870f2129d3932437685278a0b3daef7f66592b50aa98

General
Target

4579bca4d958f8aef3cb870f2129d3932437685278a0b3daef7f66592b50aa98

Size

448KB

Sample

220521-xbg3vaefdj

Score

10/10
MD5

4f43483f5f7151ca32566a8425d0b825

SHA1

d0963c5fc1fa71906adceed34a377c9432f054c1

SHA256

4579bca4d958f8aef3cb870f2129d3932437685278a0b3daef7f66592b50aa98

SHA512

fbf675f445881ba7e46ba5bebeda537dcc24af2689d897c6f164a973d25b08c06d0eb11dda681adf4ba291862796b9d6e66d7ce21524956a7ae890cb1422f187

Malware Config

Extracted

Family emotet
Botnet Epoch1
C2

rsa_pubkey.plain
Targets

Tags

Signatures

  • Emotet

    Description

    Emotet is a trojan that is primarily spread through spam emails.

    Tags

  • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8

    Description

    suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8

    Tags

  • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9

    Description

    suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9

    Tags

  • Emotet Payload

    Description

    Detects Emotet payload in memory.

    Tags

Related Tasks

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1