General

  • Target: d6afaaf3eae82bdf8afb187cdbc858d2215b419a3ed639dce91bc75a615aff35.zip

  • Size: 320KB

  • Sample: 230208-lxxvmshe61

  • MD5: 3e32b791597162f07fe0b0f811041e3d

  • SHA1: f7f69d427d506a92181d7c36e23ed537b1158e52

  • SHA256: c482d8962f24d2bafe1a446b6527b6b5c941984b0454a1054b7b3d0ca9a6db8e

  • SHA512: f49a4d3125b0a9789669f28b1b8286e1b5458a56defec92bf6e8fc5fb5b18f3cd60b03e33c6b589f54c1be79db962ff4ea4dcc5a43bba1223b539a65dadf3d7c

  • SSDEEP: 6144:ypTk4NpxYB0NMNTNBV0Pvf0nJKlgkp8ia1Xun7HyjEp17Qd5:yppNiSM9NBV0Pvf0nUlgCa1u7XnQr

Malware Config

Extracted

Family: emotet

Botnet: Epoch4

C2 (host:port):

8.9.11.48:443

144.76.186.55:7080

45.118.115.99:8080

51.254.140.238:7080

162.214.50.39:7080

119.235.255.201:8080

103.75.201.4:443

164.68.99.3:8080

178.79.147.66:8080

192.95.56.148:8080

81.0.236.90:443

45.118.135.203:7080

131.100.24.231:80

41.76.108.46:8080

45.142.114.231:8080

82.165.152.127:8080

45.176.232.124:443

50.116.54.215:443

162.243.175.63:443

216.158.226.206:443

eck1.plain
ecs1.plain

Targets

    • Target: d6afaaf3eae82bdf8afb187cdbc858d2215b419a3ed639dce91bc75a615aff35.dll

    • Size: 608KB

    • MD5: 732b4628ad399df8dcc667880b373da5

    • SHA1: f4ad0c7b4eb2029f9b78fde1b2dfdae728156926

    • SHA256: d6afaaf3eae82bdf8afb187cdbc858d2215b419a3ed639dce91bc75a615aff35

    • SHA512: b508af97fc5ae6a267ea0e3f9a454093c809776a1f18d61e5a59506ff77b8343e859bd793818ac68faea282f397856c23c2142625ca527717c18708708c5699b

    • SSDEEP: 6144:x42k6LwFPw91EDbkUE39P7pyADYzqlEDFmZ4s3wADQcvIpxUIVZFoEXlbeZhp4ga:x409qDb109PdyOYzq3O3fVbeFTi40

    • Emotet: Emotet is a trojan that is primarily spread through spam emails.

MITRE ATT&CK Matrix

Tasks