Overview

overview

10

Static

static

1

jwnfVwi3Fi0fBoNY.dll

windows7-x64

10

jwnfVwi3Fi0fBoNY.dll

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    21f1e7f4036cc350eba144ee09c5d0a57953008f08758e106fe19e8c7d119d96.zip

  • Size

    297KB

  • Sample

    230310-mxjhpaef21

  • MD5

    45a5d9cd9cdd35c4f4a68454cb27ef3e

  • SHA1

    d82eb5ca24145a4aebd7969115cae7b63dde2698

  • SHA256

    20d9a37b9529ba04d1c4a87d48c1111490deb900c3c1f6dfaacdb7f7c5483948

  • SHA512

    5a2f4f900c4d085fa9b4625ffcd98a728abe59926cb7c36ed5e755843567e4dfbd63a2496971f755f03402033507490cd6c78b99a2d9c358dc9df30b4e70aea0

  • SSDEEP

    6144:/+eDK2vgP0lc68Dj5ZtPVSoWKy/A1PDv8HLlHzw6vq0:WeD+0l3k9PEyPDEr9zJi0

Score
10/10
emotetepoch4bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

164.68.99.3:8080

164.90.222.65:443

186.194.240.217:443

1.234.2.232:8080

103.75.201.2:443

187.63.160.88:80

147.139.166.154:8080

91.207.28.33:8080

5.135.159.50:443

153.92.5.27:8080

213.239.212.5:443

103.43.75.120:443

159.65.88.10:8080

167.172.253.162:8080

153.126.146.25:7080

119.59.103.152:8080

107.170.39.149:8080

183.111.227.137:8080

159.89.202.34:443

110.232.117.186:8080
eck1.plain
ecs1.plain

Targets

    • Target

      jwnfVwi3Fi0fBoNY.dll

    • Size

      528.5MB

    • MD5

      52fca906ec2ceaf52d16a795cbe70c03

    • SHA1

      973b24f31999a6a6a8a94a698f656d662c612f7b

    • SHA256

      ecc7a177e61204ae5ae37b1eb38b1b0ae59559712094b8627a8750f4cf695586

    • SHA512

      d0a793db73b552e958cd6a5801157f95691d9ce05ef3a6daaa1b6c1d57ea134c925284ca21865046516ee8b187455c5da233313854189d69ae50b61971fd3df7

    • SSDEEP

      6144:ZS+strpYZOLnN6zBiWmLcipbxTV5bEgWrhTmi3ve2vof2PPMIf39yeuLcLwdi:ZbapYTiDcidxTJUdpe2vofQMIfUb

    Score
    10/10
    emotetepoch4bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks