General

  • Target

    0f50cd76ed7ff14f191e69254c046d23fe27f761ce6d97fd82fbc5dbdf3277e8

  • Size

    696KB

  • Sample

    220630-vywhmsdghk

  • MD5

    b9c50267573db092835d6ee34dcef003

  • SHA1

    a015fc71a36ab993ec1cb287096efff4e95d054b

  • SHA256

    0f50cd76ed7ff14f191e69254c046d23fe27f761ce6d97fd82fbc5dbdf3277e8

  • SHA512

    194809fcf9c2e46a683e5a4b4c801f828fb934c0852534c9195af80192fd628b5dfd088140a7d6ee79289ca1688aea6a0af0930c7aad67a8382d2e1e06639ec1

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11

    • Emotet Payload

      Detects Emotet payload in memory.

    • Dave packer

      Detects executable using a packer named 'Dave' by the community, based on a string at the end.

MITRE ATT&CK Matrix

Tasks