General

  • Target

    a842378dc37fa77ae9bcff1f498efc702d4fb2cd51509b5c37b5dfb93c239ac8.zip

  • Size

    433KB

  • Sample

    230208-lxxjwaaa77

  • MD5

    689604228d734082e07a7dae5b4c2753

  • SHA1

    41adad5f503ca1a19a1b267bc5299177980d3142

  • SHA256

    837fe01f463a36cc4ad5efddd4b30f6c56426aa78989f28d46870516882cacad

  • SHA512

    012caf0e0b86839e7ee2af7f50608bc734a723c4bd028b037acf38b6c92a01c3c015536d964c1d882ef09a1746cf09e52a2e9f5bccac7df0267689a48a90e471

  • SSDEEP

    12288:s4MDUzJKJ3/ma3bJMImzyI0+VpW0HE8kKhsk/1:6QIx/ma3dMIK3+0HV

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2


eck1.plain
ecs1.plain

Targets

    • Target

      a842378dc37fa77ae9bcff1f498efc702d4fb2cd51509b5c37b5dfb93c239ac8.dll

    • Size

      764KB

    • MD5

      f1fd302a1b3dcb6e564be5c5d68078d5

    • SHA1

      5f4eea5ec9ffaf28385317afe0cdcff63dc17f0e

    • SHA256

      a842378dc37fa77ae9bcff1f498efc702d4fb2cd51509b5c37b5dfb93c239ac8

    • SHA512

      c640601e47c7b2d8214f7b51866b6b6f41c049745ae55d40c010ba0e1b770edc832e08147a3da78c241ec11c0be24faccc806b016fd7ebd16fd30c9a9ddf40a8

    • SSDEEP

      12288:wGOAWAyzLzHKwJrCf9dJJjI1rMpUsN+JinUqqOYJIOD7ZjAjKL7mYYlgV0p:w5aYJIwPHmngyp

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Loads dropped DLL

    • Drops file in System32 directory
