245ddb53f9821f9397b1a7c6392d31fa10af8eb0c4651cd8b6b4c17354a72fc5

General

Target: 245ddb53f9821f9397b1a7c6392d31fa10af8eb0c4651cd8b6b4c17354a72fc5
Size: 280KB
Sample: 220521-xx8spacge5
Score: 10/10
MD5: 731266b66eb0ec8a2eb7295381941616
SHA1: 137b273614e41ffd8a71f484c9a565cb51734212
SHA256: 245ddb53f9821f9397b1a7c6392d31fa10af8eb0c4651cd8b6b4c17354a72fc5
SHA512: 9a36111053949e05484f07be830e82fdb6b2a5234b9d0a8d54249e543b2dc6d08bb6e2256aaa6a98e6d15eedfd1d7afa3b95be804782598442cc9b1f23c1fde7

Malware Config (extracted)

Family: emotet
Botnet: Epoch2
C2:


rsa_pubkey.plain
Signatures

  • Emotet: Emotet is a trojan that is primarily spread through spam emails.
  • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
  • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
  • Emotet Payload: Detects Emotet payload in memory.

Tasks

static1
behavioral1
10/10