emotet | 423826[.]exe

General

Target

423826.exe
Size

221KB
MD5

6596e0d41566ec04b0cddeba2684031f
SHA1

7ef19b4e4f4a6c082fd34a0aff98012a7156dfb8
SHA256

16882c19110d83abb8f3fdf27eeef8c2454628c2c0a1d50dd510c91c5c8b3b4f
SHA512

57023ddfc4eb1c336f5ef3118e633ce554c2a211bc43a705a934847e3188be0d50a9a91ee131773be51d9dbbfbdd5da6417c58377c361fe02c33101dfed2f5ec
SSDEEP

3072:1wBnSH3FbVlOocK1n9pOXuxQQQFQQw5Bu3PykO:upSHJOocK1nzhxQQQFQQw5Buc

Score

10^/10

trojan banker epoch3 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

152.32.75.74:443

91.121.200.35:8080

159.203.16.11:8080

188.226.165.170:8080

172.193.79.237:80

123.216.134.52:80

183.91.3.63:80

139.59.61.215:443

185.80.172.199:80

77.74.78.80:443

153.229.219.1:443

113.203.238.130:80

120.51.34.254:80

116.202.10.123:8080

5.2.246.108:80

50.116.78.109:8080

103.80.51.61:8080

190.55.186.229:80

185.142.236.163:443

223.17.215.76:80

rsa_pubkey.plain

Signatures

Emotet family
emotet

Emotet payload 1 IoCs

Detects Emotet payload in memory.

trojan banker

resource	yara_rule
sample	emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
423826.exe

Files

423826.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 512B - Virtual size: 2B

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 173KB - Virtual size: 172KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 512B - Virtual size: 2B

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 173KB - Virtual size: 172KB