General

  • Target

    7805d250b3c1d74219350badee9231fadbfc591bc43d55b96f7a25723067b74f.zip

  • Size

    340KB

  • Sample

    230208-lxyf6saa79

  • MD5

    0c67bf0579014c8f252b92d30ad9a45e

  • SHA1

    84f7fd71b173b8c4e777c6b9878102958bbba8da

  • SHA256

    3952bb2e12dd2da572ee205c1bb5044459d9b1e44976daa4e8996e21a2bc29f4

  • SHA512

    b2b1bef537e4730606885eed1d1c285ba4db61a3b2f30c1cc5f49448d92f6f82fd6db2d1b0fffe35a88ebe0084505b474fbe89d9979e735f798eedacd55a33df

  • SSDEEP

    6144:pIvh2YvBqMwMZ0fgDXVXTA5Fg0ufTbsQxXiWHxZMCZirt4:pIvh2YMMwMZUgZeFgnHpZMnJ4

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch4

  • C2

    70.36.102.35:443
    92.240.254.110:8080
    51.91.76.89:8080
    217.182.25.250:8080
    119.193.124.41:7080
    45.142.114.231:8080
    176.56.128.118:443
    51.254.140.238:7080
    173.212.193.249:8080
    131.100.24.231:80
    188.44.20.25:443
    1.234.2.232:8080
    153.126.146.25:7080
    51.91.7.5:8080
    151.106.112.196:8080
    46.55.222.11:443
    107.182.225.142:8080
    82.165.152.127:8080
    212.237.17.99:8080
    195.201.151.129:8080

  • eck1.plain

  • ecs1.plain

Targets

    • Target

      7805d250b3c1d74219350badee9231fadbfc591bc43d55b96f7a25723067b74f.dll

    • Size

      640KB

    • MD5

      aad06e4245330f9ee7c0e4c67c46c686

    • SHA1

      930ef00f646b571bfd4dee6abbcc3ba6b664461c

    • SHA256

      7805d250b3c1d74219350badee9231fadbfc591bc43d55b96f7a25723067b74f

    • SHA512

      afbd0f7b2252f4ebe837c7c4013db02ec1287ef35c24cc2e93803a92520d2c307c034976e67648097764066c25462f59cd7f89a77a5bc076cd17c81206e6c346

    • SSDEEP

      6144:/6ZMFXzqfoSHr/mvcQYbi2HN8C8BgifO7y7JcuVqrWLWN7Ypsi6Ih9vH0/oUHahE:/8MFX47ivcQMNsrD+KJjO69cI

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks