General

  • Target

    dcedbb41f280ea1b93377681cf98f1b7393681bb84099051fe9ee9868ace4bae

  • Size

    80KB

  • Sample

    220731-lwrl8sbffj

  • MD5

    d307ad3ff86b34ccd233634eda0e2c3b

  • SHA1

    50e8a2510ee53e76c68f6abc5a0831e3465ecdd2

  • SHA256

    dcedbb41f280ea1b93377681cf98f1b7393681bb84099051fe9ee9868ace4bae

  • SHA512

    eae92e75314ef6e61f5a495a6dc74ba6bb461ddf02008c545e425bb5ce2d2ead1c35d5478f658a00ce81f59d242712e886e749dc9a9c397240643ed15045e5f1

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2


rsa_pubkey.plain

Targets

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery: T1082 (1)

Tasks