General

  • Target

    8deb508a95178d159b43da93160ff6d64c5ad468f1f91e222021eba9292954a1

  • Size

    400KB

  • Sample

    220731-g8d5fsdehj

  • MD5

    7332e39a8d45ca37ee9a767fa00ec90f

  • SHA1

    026064006b987ed951ffce4f03c4394f557bf588

  • SHA256

    8deb508a95178d159b43da93160ff6d64c5ad468f1f91e222021eba9292954a1

  • SHA512

    443270e1050bf8beb5898455ebd5ad5605f870315c3a3fa3768629681c0c8891d754ca9a2a83ed4c61eec331aeb0ff69153f081b2d1c36ad7f38d5af515f3478

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2


rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery (T1082)

Tasks