General
-
Target
c68eabd43b8f840c9f3604a7e0cfeddf11893371e9d8c26656f49906c19a01c2
-
Size
244KB
-
Sample
230129-wb11aahc7z
-
MD5
4476793a918bbd7df4ad6fc9d3c5ecab
-
SHA1
70d790451e55facc6d1177bb4d7cf198490e0f8a
-
SHA256
c68eabd43b8f840c9f3604a7e0cfeddf11893371e9d8c26656f49906c19a01c2
-
SHA512
cc610db3fc40e51d3a27aee15b35a3f4f67f5a48f72123c8ffab4777a97e12e9b9a1542c529c87f0e464daa4f18a392d391c2d14621c2d0553c7819d67e092d0
-
SSDEEP
6144:uaYl0wVsoWPdPyThWhzhaA5Umd5ijA/YlfhL+Nh:uUwVYt68bndiuY9MN
Malware Config
Extracted
emotet
Epoch2
105.186.87.144:80
186.75.241.230:80
200.21.90.6:80
212.129.24.82:8080
162.144.47.94:7080
77.237.248.136:8080
185.142.236.163:443
63.142.253.122:8080
190.145.67.134:8090
182.176.132.213:8090
88.247.163.44:80
85.106.1.166:50000
45.123.3.54:443
37.157.194.134:443
142.44.162.209:8080
159.65.25.128:8080
190.211.207.11:443
85.104.59.244:20
201.251.43.69:8080
101.187.237.217:20
Targets
-
-
Target
c68eabd43b8f840c9f3604a7e0cfeddf11893371e9d8c26656f49906c19a01c2
-
Size
244KB
-
MD5
4476793a918bbd7df4ad6fc9d3c5ecab
-
SHA1
70d790451e55facc6d1177bb4d7cf198490e0f8a
-
SHA256
c68eabd43b8f840c9f3604a7e0cfeddf11893371e9d8c26656f49906c19a01c2
-
SHA512
cc610db3fc40e51d3a27aee15b35a3f4f67f5a48f72123c8ffab4777a97e12e9b9a1542c529c87f0e464daa4f18a392d391c2d14621c2d0553c7819d67e092d0
-
SSDEEP
6144:uaYl0wVsoWPdPyThWhzhaA5Umd5ijA/YlfhL+Nh:uUwVYt68bndiuY9MN
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-