Analysis
max time kernel: 144s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2023 13:54
Static task: static1
Behavioral task: behavioral1
Sample: 05152199.exe
Resource: win7-20230220-en
General
Target: 05152199.exe
Size: 476KB
MD5: eee26360b545f361c7be6e3b985f6280
SHA1: deb667ee1add1d0f28471167646a039a16b7aa38
SHA256: 00019c64866c9276b8fc48d4af8ea599437e31d8b8cf93bbd84d1a363507e3fd
SHA512: 888fa2111699f971cb950af9f8a07afc127d310ad7a9472976e408e63b3acd21b600c8afb4cac06d761dad0be5d43c7c2d01b17b78614cc80094812357156fc4
SSDEEP: 12288:ltcirHJcDRjVuC23qDBLcmacsitPbD5bZ4zc:LwuC23qD5vft
Malware Config
Extracted
emotet
Epoch1
Signatures
Processes:
resource  yara_rule
behavioral2/memory/4628-133-0x00000000022A0000-0x00000000022BF000-memory.dmp  emotet
behavioral2/memory/4628-137-0x00000000022C0000-0x00000000022DE000-memory.dmp  emotet
behavioral2/memory/4628-142-0x0000000002270000-0x000000000228C000-memory.dmp  emotet
Dave packer 1 IoCs
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
Processes:
resource  yara_rule
behavioral2/memory/4628-142-0x0000000002270000-0x000000000228C000-memory.dmp  dave
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes:
pid   process
4628  05152199.exe (16 hits)
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
pid   process
4628  05152199.exe