General

  • Target

    ae90a26f50161558cba0cc3a4e8e5d58b5cbb25cd73b2e433ec8117206981d9c

  • Size

    61KB

  • Sample

    220724-2g1vcsbbhk

  • MD5

    b6b3b7ab04cab7927e043a3a1fe795a6

  • SHA1

    c7e23a585698078df1dcc734a78044b04541495c

  • SHA256

    ae90a26f50161558cba0cc3a4e8e5d58b5cbb25cd73b2e433ec8117206981d9c

  • SHA512

    7d851bf0c9503b64525e5294abda713655169cec57cadc282275c1851cdb253d0fc7968551fb2c0c42f9d70efeb3960ff225328a805f94a83045fe0ed641483f

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

70.32.94.58:8080

213.138.100.98:8080

144.76.62.10:8080

110.36.234.146:80

51.38.134.203:8080

83.169.33.157:8080

113.52.135.33:7080

93.78.205.196:443

178.249.187.150:7080

216.75.37.196:8080

181.97.70.132:8080

181.47.235.26:993

176.58.93.123:80

80.227.67.18:20

138.197.140.163:8080

190.13.146.47:443

173.249.157.58:8080

192.241.220.183:8080

186.10.16.244:53

181.113.229.139:990

rsa_pubkey.plain

Targets

    • Target

      ae90a26f50161558cba0cc3a4e8e5d58b5cbb25cd73b2e433ec8117206981d9c

    • Size

      61KB

    • MD5

      b6b3b7ab04cab7927e043a3a1fe795a6

    • SHA1

      c7e23a585698078df1dcc734a78044b04541495c

    • SHA256

      ae90a26f50161558cba0cc3a4e8e5d58b5cbb25cd73b2e433ec8117206981d9c

    • SHA512

      7d851bf0c9503b64525e5294abda713655169cec57cadc282275c1851cdb253d0fc7968551fb2c0c42f9d70efeb3960ff225328a805f94a83045fe0ed641483f

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M3

      suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M3

    • suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M4

      suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M4

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks