General

  • Target: f4b7e6b558e760fa19bcee7f45835c5757def7588d68620e3f16e83a2c58ad19
  • Size: 516KB
  • Sample: 220701-htznaahaar
  • MD5: 4f34a0fcc16ae643624d1f5a7d048a99
  • SHA1: 752c86f276ffc336751d9a9acf9e1799f2ae749e
  • SHA256: f4b7e6b558e760fa19bcee7f45835c5757def7588d68620e3f16e83a2c58ad19
  • SHA512: 6d3ba337077222a345a2f7f9a13c2d039b86e7a0d66876f58ecda396c5fcbc7d889f47ae9ac4994b6d4d6d01f731824ba9cb762e875893d82e1e08a1c3c4482e

Malware Config

Extracted

Family: emotet

Botnet: Epoch2

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082): 1

Tasks