General
-
Target
f1ab1fa6d2b93ae55b448b96733ff195.bin
-
Size
477KB
-
Sample
230203-k1b7nsgh8x
-
MD5
f1ab1fa6d2b93ae55b448b96733ff195
-
SHA1
fa5c79321dd4cc2fea795d6ebe2e823abe33ca6f
-
SHA256
045c4ab485bd45781234451af0eae62f23abceae375d5434cff37c3e5620f872
-
SHA512
06f5ebb1d2f1079bec579856cd676d256758961dabedc9851836ff22b6442c0efd9ec818b95715b8ee706e126df63322fd7e3ebe679e46bd91e49abb8caf5bd4
-
SSDEEP
12288:Ur1hcmamspxYUL24xYkPuPN1A27pNMTWdQpDx82540:IDdyxYUmA277MKwDlf
Malware Config
Extracted
emotet
Epoch1
181.188.149.134:80
203.130.0.67:80
5.67.96.120:8080
189.245.135.12:143
143.0.245.169:8080
151.80.142.33:80
159.65.241.220:8080
109.104.79.48:8080
43.229.62.186:8080
72.47.248.48:8080
46.249.204.99:8080
181.48.174.242:80
190.230.60.129:80
89.188.124.145:443
187.242.204.142:80
200.57.102.71:8443
201.219.183.243:443
190.117.206.153:443
200.80.198.34:80
138.68.106.4:7080
Targets
-
-
Target
f1ab1fa6d2b93ae55b448b96733ff195.bin
-
Size
477KB
-
MD5
f1ab1fa6d2b93ae55b448b96733ff195
-
SHA1
fa5c79321dd4cc2fea795d6ebe2e823abe33ca6f
-
SHA256
045c4ab485bd45781234451af0eae62f23abceae375d5434cff37c3e5620f872
-
SHA512
06f5ebb1d2f1079bec579856cd676d256758961dabedc9851836ff22b6442c0efd9ec818b95715b8ee706e126df63322fd7e3ebe679e46bd91e49abb8caf5bd4
-
SSDEEP
12288:Ur1hcmamspxYUL24xYkPuPN1A27pNMTWdQpDx82540:IDdyxYUmA277MKwDlf
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-