General

  • Target

    file.zip

  • Size

    3.2MB

  • Sample

    220630-wa4psaeeak

  • MD5

    08c4a2e909e32892298ea2aef7cc1c8c

  • SHA1

    be3fee44a7de4a9d0349ff5c66f6c316cc1e6d20

  • SHA256

    40a4bcc665924ecb16832454b9d4c31bcc0e2c25297721a76c91e55f439e5d52

  • SHA512

    991d624bf03e8e1f611bd9405fb33e2b9408b8b6a1c166fd098d5c994a849fb2f0c39dfeb61991c7cb01d18364d48113626209105159d667c06ae6048eca6cde

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

103.71.99.57:8080

103.224.241.74:8080

157.245.111.0:8080

37.44.244.177:8080

103.41.204.169:8080

64.227.55.231:8080

103.254.12.236:7080

103.85.95.4:8080

157.230.99.206:8080

165.22.254.236:8080

85.214.67.203:8080

54.37.228.122:443

195.77.239.39:8080

128.199.217.206:443

190.145.8.4:443

165.232.185.110:8080

188.165.79.151:443

178.62.112.199:8080

54.37.106.167:8080

104.244.79.94:443

eck1.plain
ecs1.plain

Extracted

Family

emotet

Botnet

Epoch4

C2

82.165.152.127:8080

51.161.73.194:443

103.75.201.2:443

5.9.116.246:8080

213.241.20.155:443

79.137.35.198:8080

119.193.124.41:7080

186.194.240.217:443

172.105.226.75:8080

150.95.66.124:8080

131.100.24.231:80

94.23.45.86:4143

209.97.163.214:443

206.189.28.199:8080

173.212.193.249:8080

153.126.146.25:7080

51.91.76.89:8080

1.234.2.232:8080

163.44.196.120:8080

149.56.131.28:8080

eck1.plain
ecs1.plain
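
The two extracted configs above are the actionable part of this report: 40 ip:port C2 endpoints across Epoch4 and Epoch5, most on non-standard ports (8080, 7080, 4143). The following script is an added example, not part of the sandbox output, showing how an analyst would index those endpoints and sweep a connection log for them; it distinguishes exact ip:port matches from ip-only matches so that a listed host seen on an unexpected port is surfaced for review rather than dropped. The log format and the sample lines are constructed for illustration (198.51.100.7 is an RFC 5737 documentation address standing in for benign traffic); the C2 entries are copied verbatim from the configs above.

```python
"""Hunt for the Emotet Epoch4/Epoch5 C2 endpoints extracted above in connection logs.

Added example for this report; it is not part of the sandbox output. The C2
entries are copied from the two "Extracted" configs above; the log lines and
their format are constructed for illustration.
"""
import ipaddress
import re
from typing import Dict, List, NamedTuple

# "ip:port" endpoints copied verbatim from the Epoch5 and Epoch4 configs above.
C2_CONFIGS: Dict[str, List[str]] = {
    "Epoch5": [
        "103.71.99.57:8080", "103.224.241.74:8080", "157.245.111.0:8080",
        "37.44.244.177:8080", "103.41.204.169:8080", "64.227.55.231:8080",
        "103.254.12.236:7080", "103.85.95.4:8080", "157.230.99.206:8080",
        "165.22.254.236:8080", "85.214.67.203:8080", "54.37.228.122:443",
        "195.77.239.39:8080", "128.199.217.206:443", "190.145.8.4:443",
        "165.232.185.110:8080", "188.165.79.151:443", "178.62.112.199:8080",
        "54.37.106.167:8080", "104.244.79.94:443",
    ],
    "Epoch4": [
        "82.165.152.127:8080", "51.161.73.194:443", "103.75.201.2:443",
        "5.9.116.246:8080", "213.241.20.155:443", "79.137.35.198:8080",
        "119.193.124.41:7080", "186.194.240.217:443", "172.105.226.75:8080",
        "150.95.66.124:8080", "131.100.24.231:80", "94.23.45.86:4143",
        "209.97.163.214:443", "206.189.28.199:8080", "173.212.193.249:8080",
        "153.126.146.25:7080", "51.91.76.89:8080", "1.234.2.232:8080",
        "163.44.196.120:8080", "149.56.131.28:8080",
    ],
}


def build_index(configs: Dict[str, List[str]]) -> Dict[str, Dict[int, str]]:
    """Index C2 entries as {ip: {port: botnet}}, rejecting malformed entries loudly."""
    index: Dict[str, Dict[int, str]] = {}
    for botnet, entries in configs.items():
        for entry in entries:
            ip, sep, port = entry.rpartition(":")
            if not sep or not port.isdigit():
                raise ValueError(f"malformed C2 entry: {entry!r}")
            ipaddress.ip_address(ip)  # raises ValueError instead of silently never matching
            index.setdefault(ip, {})[int(port)] = botnet
    return index


C2_INDEX = build_index(C2_CONFIGS)

# Hypothetical connection-log format (constructed): "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <bytes>"
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[0-9.]+):(?P<port>\d+) (?P<bytes>\d+)$")


class Hit(NamedTuple):
    ts: str
    src: str
    dst: str
    port: int
    botnet: str
    exact: bool  # True when ip AND port match a config entry; False when only the ip matches


def scan(lines: List[str]) -> List[Hit]:
    """Return one Hit per log line whose destination is a known C2 host.

    An ip:port match is high confidence. An ip-only match (the host is listed
    but on a different port) is kept as a lower-confidence hit for analyst
    review and flagged with exact=False rather than discarded.
    """
    hits: List[Hit] = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; in production, count these rather than drop silently
        dst, port = m["dst"], int(m["port"])
        ports = C2_INDEX.get(dst)
        if ports is None:
            continue
        botnet = ports.get(port) or next(iter(ports.values()))
        hits.append(Hit(m["ts"], m["src"], dst, port, botnet, port in ports))
    return hits


# Constructed sample log; 198.51.100.7 is an RFC 5737 documentation address standing in for benign traffic.
SAMPLE_LOG = [
    "2022-06-30T10:01:12Z 10.0.0.15 -> 103.71.99.57:8080 1432",
    "2022-06-30T10:01:40Z 10.0.0.15 -> 198.51.100.7:443 5120",
    "2022-06-30T10:02:03Z 10.0.0.22 -> 94.23.45.86:4143 980",
    "2022-06-30T10:02:30Z 10.0.0.22 -> 131.100.24.231:443 2210",
    "this line does not match the log format",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        confidence = "C2 match" if hit.exact else "C2 host, unexpected port"
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.port} {hit.botnet} ({confidence})")
```

On the sample log this yields two exact hits (103.71.99.57:8080 for Epoch5 and 94.23.45.86:4143 for Epoch4) and one ip-only hit for 131.100.24.231, which the config lists on port 80 but the log shows on 443. Emotet C2 lists rotate quickly, so treat the endpoints above as valid for the time window of this sample rather than as a permanent blocklist, and swap `LOG_LINE` for the regex that matches your own firewall or proxy export.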

Targets

    • Target

      17e0d0b77814b8e80d4a351e3bb6f8d9.dll

    • Size

      470KB

    • MD5

      17e0d0b77814b8e80d4a351e3bb6f8d9

    • SHA1

      d828db7de88d84aacae9a0c65ecd1f0abcf4acd7

    • SHA256

      6a4b326282a44a7657cb652698395499bc8e924762e5336e2d415f9c10f10cbe

    • SHA512

      8a07d29bd63a7e2d1eddb64ef6ea5731ddfee7f6a3c1b9da29309791802aebf83d192b53d0ef09686aaa0a39b3774ffedb8548021474ae7b37b8b70d36a90221

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      Emerging Threats Suricata signature that matched the sample's C2 traffic during detonation.

    • Target

      25ea9824212795ce72687b5bbd118642.dll

    • Size

      669KB

    • MD5

      25ea9824212795ce72687b5bbd118642

    • SHA1

      9f84cf8fc60926a69ad9e2403e3d094bdd755f67

    • SHA256

      b1455f8ef9f8f65fd35fc81c87e287ff7c06b978b76dbce7cdc5b9626649bb0c

    • SHA512

      1d8ff864c43e43931ddda320455e50ef2abe7fc9449b49169d3e3ebec15206fa13bb8bd57ecb36780ea73a2bfa22271b21d8d54a44fe892085cda3e8df162886

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      3df8f85eefe19a9535e955127263d54a.dll

    • Size

      425KB

    • MD5

      3df8f85eefe19a9535e955127263d54a

    • SHA1

      b0e49dfdeae76946a0b5636f3448df17f12b6c14

    • SHA256

      569376bfee5f41ee40453c92a6aee94e83e841dc589fa6020a2d0d9ec0059860

    • SHA512

      9024e149f7970c48e5e3715e76f05dc49b974228ba5e5c7260c28f73000761b13aed5e8971af0312632a566e3004f463b60bd43274f829bfc76c24e161f63a1e

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      71dda292cf502407e0e80cc59ab8e213.dll

    • Size

      425KB

    • MD5

      71dda292cf502407e0e80cc59ab8e213

    • SHA1

      f58af385f697adfb11f8b0a1c9f0c6d14a4f7472

    • SHA256

      6b277eb8e6dd33e69f8583e8ac5055f4610b47d753a90be04b9d613c7cb081ea

    • SHA512

      1b15316107f22850a9a70731ab3034055a0decc3bfddfdc78434861b5dc5f5b211ca726b5ee861d91e7142066f6604ecbd83574fabf5d5c401b8307d4feb9b52

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      773397527ddca01485316d2af9ef2247.dll

    • Size

      470KB

    • MD5

      773397527ddca01485316d2af9ef2247

    • SHA1

      100b5edf9fa9ad8441df36d969c0f18b6aa26f45

    • SHA256

      6e86a5b6ac06a9df6d46e65728c81e270e3f930fc3984193e93edab77bd9b167

    • SHA512

      2c833d4b56dd123a61f583cfc64d480622fb33ccacf2b5a51929eddd9a1fcd7818d66b16bd5e01cc6adb4a420a41aaabe8849ff6e0c6e1e9154ede0590c1d292

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      9a1bf8cf9fe7ae13741d8ddb218c96b2.dll

    • Size

      471KB

    • MD5

      9a1bf8cf9fe7ae13741d8ddb218c96b2

    • SHA1

      cd51b04b5c0db92d1364d78030ca475381e743bb

    • SHA256

      66be01a7fa1f5167ba3cc60dbd3281cbd636ede4f06ceb2bc0caabe58afe7186

    • SHA512

      3a52918cdb536c8c268ee165959ea94a6f0fcddb154dcd7fc1937eabb682d645627e752faf81b0810bb704ff5844b324a8650835dd1b48eacaa149d936642d2c

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      a95a6e84735ec1187ef18d4aa500443e.dll

    • Size

      425KB

    • MD5

      a95a6e84735ec1187ef18d4aa500443e

    • SHA1

      1b0ff2660a996b7471f8e19947eb3baab91f42fc

    • SHA256

      8b6749037a8d348ae1cb16bc547b609859d7fe73275a4a015e79d8122f6ce36b

    • SHA512

      19cb5983498097f0f8edf40f0b29e0922bac2d52f33778e3ac8e83bc3263153e29d209775cde4b9d1cba845488052dd4fcf5751d997090a4a350c8219c2f446c

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      d77b83fc86cf84cc40afbc0213db0bda.dll

    • Size

      425KB

    • MD5

      d77b83fc86cf84cc40afbc0213db0bda

    • SHA1

      fd72eaf67c008e7949f56a7bf20b18ccff54af16

    • SHA256

      a8b544949b7ae8534be62b24233100d48ed2f64fb155cd65d0c2c387b17a8b30

    • SHA512

      e62b42f0054f18a09aef5d5b247ebeb3dea6e2d9b4e63cc21b8b12025a9d5e06c702650af39854eabb598df70132ea419aa1d99be47101b5769f06bf20f0b333

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    • Target

      d8179b93db2cc4e0f1957387332cc8f1.dll

    • Size

      669KB

    • MD5

      d8179b93db2cc4e0f1957387332cc8f1

    • SHA1

      de81fab89ff59e9faa6be75da36aa49427d4fdb1

    • SHA256

      80df75224241ae7a1a55286574bf6452540f7b7c02d92a6484f165d442f3809e

    • SHA512

      9181353e4e4c07c691caf16874625833b5eeadb11f5d77550516a98af2a40f192269bf11137720e3b52ed65bbc687d31e53fd3096f97ae7c28822ea40d2cd75e

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

MITRE ATT&CK Matrix

Tasks

Task           Tags                                    Score
static1        -                                       N/A
behavioral1    emotet epoch5 banker suricata trojan    10/10
behavioral2    emotet epoch5 banker suricata trojan    10/10
behavioral3    emotet epoch4 banker suricata trojan    10/10
behavioral4    emotet epoch4 banker suricata trojan    10/10
behavioral5    emotet epoch4 banker suricata trojan    10/10
behavioral6    emotet epoch4 banker suricata trojan    10/10
behavioral7    emotet epoch4 banker suricata trojan    10/10
behavioral8    emotet epoch4 banker suricata trojan    10/10
behavioral9    emotet epoch5 banker suricata trojan    10/10
behavioral10   emotet epoch5 banker suricata trojan    10/10
behavioral11   emotet epoch5 banker suricata trojan    10/10
behavioral12   emotet epoch5 banker suricata trojan    10/10
behavioral13   emotet epoch4 banker suricata trojan    10/10
behavioral14   emotet epoch4 banker suricata trojan    10/10
behavioral15   emotet epoch4 banker suricata trojan    10/10
behavioral16   emotet epoch4 banker suricata trojan    10/10
behavioral17   emotet epoch4 banker suricata trojan    10/10
behavioral18   emotet epoch4 banker suricata trojan    10/10