emotet | bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c

Analysis

max time kernel
145s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
07-03-2023 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
Size

184KB
MD5

a4660fd493bb201ea13b07bfe400561c
SHA1

37b5ee3f716f40d693510e23807ffda6822d07b8
SHA256

bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c
SHA512

c1f2b05c3002e319f91c743dbdcc0e55b785aed6318c475855c55f7278410f951dc4d7f56304d78f9a57fcba25a760039164c771cb89c555fe04431ff7da10bd
SSDEEP

1536:bpDIQIlQIlQIlQIlQIlQIlQIlQIlQIlQI45qGtVh/cVQ/9cEczE72eQLtKzGgcF:4GUVPEIEqLtpgcF

Score

10^/10

emotet epoch2 banker trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

173.81.218.65:80

45.55.36.51:443

91.83.93.99:7080

45.55.219.163:443

169.239.182.217:8080

24.43.99.75:80

78.24.219.147:8080

95.179.229.244:8080

107.5.122.110:80

47.144.21.12:443

204.197.146.48:80

139.99.158.11:443

190.160.53.126:80

74.120.55.163:80

74.109.108.202:80

47.146.117.214:80

104.236.246.93:8080

174.137.65.18:80

41.60.200.34:80

209.141.54.221:8080

rsa_pubkey.plain

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe

pid	process
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
4208	bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe

C:\Users\Admin\AppData\Local\Temp\bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe
"C:\Users\Admin\AppData\Local\Temp\bd77b7ae25b641fbe75d38a84376cbffffbff1f53fe933ab60933b8f23eaba1c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4208-121-0x00000000005B0000-0x00000000005BC000-memory.dmp

Filesize
48KB

Download
memory/4208-125-0x00000000005A0000-0x00000000005A9000-memory.dmp

Filesize
36KB

Download
memory/4208-126-0x00000000005B0000-0x00000000005BC000-memory.dmp

Filesize
48KB

Download