emotet | 4f8a0ad5d809aefffefa014fb556aa5fbe82ec08[.]zip

General

Target

4f8a0ad5d809aefffefa014fb556aa5fbe82ec08.zip
Size

20KB
MD5

456072dc55f47477f58a544cc0680286
SHA1

5441f237d133f601e9b998e1901849cfdb7215c0
SHA256

80ef22f53400f7c50cc971697dd8d3909580c5bd4c2ca6241588fbde4ac03921
SHA512

6fc27c82529ba3803191b401e28cc55ff630caf214dad7c8738640a16fc9cf0d0286da556ba38af0ae57b8231a1f6a01560e944257ea97e3433d213d8d85d4c3
SSDEEP

384:f6oWsdcLtsPh95Fi4yDevNBjxgsQBph3+q3uyem+jAABkJiKjjmaqcQL17:fhWvAme1gsQBv3leyeo+9AjcfLp

Score

10^/10

trojan banker epoch2 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

68.44.137.144:443

69.30.203.214:8080

67.205.85.243:8080

79.98.24.39:8080

5.196.74.210:8080

188.83.220.2:443

109.116.214.124:443

203.117.253.142:80

104.131.11.150:443

97.82.79.83:80

121.124.124.40:7080

83.169.36.251:8080

89.186.91.200:443

70.167.215.250:8080

204.197.146.48:80

167.86.90.214:8080

190.160.53.126:80

95.213.236.64:8080

47.144.21.12:443

169.239.182.217:8080

rsa_pubkey.plain

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

trojan banker

resource	yara_rule
static1/unpack001/4f8a0ad5d809aefffefa014fb556aa5fbe82ec08.rl	emotet

Files

4f8a0ad5d809aefffefa014fb556aa5fbe82ec08.zip
.zip

Password: infected
4f8a0ad5d809aefffefa014fb556aa5fbe82ec08.rl
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 512B - Virtual size: 2B

.data Size: 3KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 308B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 512B - Virtual size: 2B

.data
Size: 3KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 308B