Overview

overview

10

Static

static

837b994c1c...db.exe

windows7-x64

10

837b994c1c...db.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    837b994c1c16a3a7b71a4641bae8531f3f145893d63434842af05d226e8aa1db

  • Size

    172KB

  • Sample

    230129-ww6q9sgf67

  • MD5

    0c79e2047f2afd97b4fad12ce1127847

  • SHA1

    88b1aa9a3abacfbca2c18956c5aff88efe05c23c

  • SHA256

    837b994c1c16a3a7b71a4641bae8531f3f145893d63434842af05d226e8aa1db

  • SHA512

    9bb23413088ccb77830628011dcc665be8bfb17e20d81f9ad2451f8c63b02d1485d15c09532891d0dad7d551215f4d7f8ac2130c1ab9d09b2c1bd716c76dd613

  • SSDEEP

    3072:u2nTLLEpyrQqMEh7fnt8V7TDv98FT7QFhfxbXxgCzXtQk:u2nTLUyrQBENt8VfZ8FTYXxZz6k

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

81.109.227.123:80

82.15.36.209:443

142.4.198.249:7080

162.144.119.216:8080

142.93.88.16:443

31.12.67.62:7080

91.83.93.103:7080

178.152.78.149:20

104.131.208.175:8080

136.243.177.26:8080

206.189.98.125:8080

178.79.161.166:443

195.242.117.231:8080

187.163.222.244:465

186.144.64.31:53

104.236.99.225:8080

71.244.60.230:8080

91.205.215.66:8080

212.71.234.16:8080

190.25.255.98:443
rsa_pubkey.plain

Targets

    • Target

      837b994c1c16a3a7b71a4641bae8531f3f145893d63434842af05d226e8aa1db

    • Size

      172KB

    • MD5

      0c79e2047f2afd97b4fad12ce1127847

    • SHA1

      88b1aa9a3abacfbca2c18956c5aff88efe05c23c

    • SHA256

      837b994c1c16a3a7b71a4641bae8531f3f145893d63434842af05d226e8aa1db

    • SHA512

      9bb23413088ccb77830628011dcc665be8bfb17e20d81f9ad2451f8c63b02d1485d15c09532891d0dad7d551215f4d7f8ac2130c1ab9d09b2c1bd716c76dd613

    • SSDEEP

      3072:u2nTLLEpyrQqMEh7fnt8V7TDv98FT7QFhfxbXxgCzXtQk:u2nTLUyrQBENt8VfZ8FTYXxZz6k

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks