General
-
Target
4b2509eb52fab499741a2eab115c789d7d8d489c.exe
-
Size
544KB
-
Sample
221130-k1622saa3v
-
MD5
2421e3c9e8438dcac0ff6447f86e36f9
-
SHA1
4b2509eb52fab499741a2eab115c789d7d8d489c
-
SHA256
4b28154f980d8fec3b4a0367c107f3966f9358bd27ca20385d3e1422a61bcf67
-
SHA512
4f04399c59f283a6a30533f18ee211c69723fe01dd9b9379437a6a56adde1bc6de3d596eeb14dbc496719eb64bb958730192f4964c5be823838bc9da1cf0ef43
-
SSDEEP
12288:vGLDDmvjUmzaOopzIYoz1Wuh1o7rxi3IrtKZ:YDqj8OoaYCYuUr0SY
Static task
static1
Behavioral task
behavioral1
Sample
4b2509eb52fab499741a2eab115c789d7d8d489c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4b2509eb52fab499741a2eab115c789d7d8d489c.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
emotet
Epoch1
110.36.234.146:80
191.82.16.60:80
91.83.93.105:8080
216.98.148.181:8080
68.183.190.199:8080
190.230.60.129:80
183.82.97.25:80
114.79.134.129:443
89.188.124.145:443
178.79.163.131:8080
76.69.29.42:80
87.106.77.40:7080
178.249.187.151:8080
62.75.143.100:7080
201.163.74.202:443
62.75.160.178:8080
181.188.149.134:80
186.0.95.172:80
217.199.160.224:8080
203.25.159.3:8080
189.160.49.234:8443
190.104.253.234:990
71.244.60.230:7080
159.203.204.126:8080
71.244.60.231:7080
142.93.82.57:8080
46.41.151.103:8080
138.68.106.4:7080
5.1.86.195:8080
149.62.173.247:8080
170.84.133.72:7080
190.230.60.129:8080
190.97.30.167:990
190.85.152.186:8080
200.58.171.51:80
51.15.8.192:8080
190.158.19.141:80
91.83.93.124:7080
139.5.237.27:443
123.168.4.66:22
81.169.140.14:443
187.188.166.192:80
212.71.237.140:8080
186.1.41.111:443
77.245.101.134:8080
181.29.101.13:8080
181.44.166.242:80
185.86.148.222:8080
86.42.166.147:80
190.221.50.210:8080
94.183.71.206:7080
181.36.42.205:443
170.84.133.72:8443
68.183.170.114:8080
79.129.0.173:8080
184.69.214.94:20
189.180.243.255:8080
200.57.102.71:8443
109.104.79.48:8080
185.187.198.10:8080
80.85.87.122:8080
181.143.101.18:8080
119.59.124.163:8080
46.163.144.228:80
50.28.51.143:8080
88.250.223.190:8080
190.38.14.52:80
119.159.150.176:443
5.77.13.70:80
200.51.94.251:143
82.196.15.205:8080
201.199.93.30:443
5.196.35.138:7080
46.28.111.142:7080
125.99.61.162:7080
189.166.68.89:443
151.80.142.33:80
79.143.182.254:8080
119.92.51.40:8080
46.101.212.195:8080
46.29.183.211:8080
91.205.215.57:7080
190.10.194.42:8080
77.55.211.77:8080
109.169.86.13:8080
190.1.37.125:443
Targets
-
-
Target
4b2509eb52fab499741a2eab115c789d7d8d489c.exe
-
Size
544KB
-
MD5
2421e3c9e8438dcac0ff6447f86e36f9
-
SHA1
4b2509eb52fab499741a2eab115c789d7d8d489c
-
SHA256
4b28154f980d8fec3b4a0367c107f3966f9358bd27ca20385d3e1422a61bcf67
-
SHA512
4f04399c59f283a6a30533f18ee211c69723fe01dd9b9379437a6a56adde1bc6de3d596eeb14dbc496719eb64bb958730192f4964c5be823838bc9da1cf0ef43
-
SSDEEP
12288:vGLDDmvjUmzaOopzIYoz1Wuh1o7rxi3IrtKZ:YDqj8OoaYCYuUr0SY
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops file in System32 directory
-