Overview

overview

10

Static

static

3

XQWUIJNVqE...fs.dll

windows7-x64

10

XQWUIJNVqE...fs.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    XQWUIJNVqECDV6WD65fgJf2fs.dll

  • Size

    492KB

  • Sample

    230701-jgrmksha9w

  • MD5

    1e6432346ebabb4de8d055c70f3d09fd

  • SHA1

    3196be4c100afbcbec9330b50e772f199217c44b

  • SHA256

    f35cd2ed62b9a4244e5ce50c90d7464e8e4915b594421a2c99d3a9e27be8ef89

  • SHA512

    c4e531bfdbc8ae1ebd3be101831ed1c7831722b962e7acfdcb7132f3ac12c6d696355d4a6a2351148bb0754a1418814539b1fde8347b9b20b60f5b25a6f6ed2b

  • SSDEEP

    6144:TkzytaJpnASmmaNGQ7DYMT1atZNtpTKIEHzCLAcKhIepZn6kdRphRUQP7LwW1:oytafAS/aNPwHbCcKeep5h/uQgW1

Score
10/10
emotetepoch4bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

149.56.131.28:8080

72.15.201.15:8080

207.148.79.14:8080

82.165.152.127:8080

46.55.222.11:443

213.241.20.155:443

163.44.196.120:8080

51.254.140.238:7080

107.170.39.149:8080

188.44.20.25:443

82.223.21.224:8080

172.104.251.154:8080

164.68.99.3:8080

101.50.0.91:8080

129.232.188.93:443

173.212.193.249:8080

103.132.242.26:8080

186.194.240.217:443

37.187.115.122:8080

91.207.28.33:8080
eck1.plain
ecs1.plain

Targets

    • Target

      XQWUIJNVqECDV6WD65fgJf2fs.dll

    • Size

      492KB

    • MD5

      1e6432346ebabb4de8d055c70f3d09fd

    • SHA1

      3196be4c100afbcbec9330b50e772f199217c44b

    • SHA256

      f35cd2ed62b9a4244e5ce50c90d7464e8e4915b594421a2c99d3a9e27be8ef89

    • SHA512

      c4e531bfdbc8ae1ebd3be101831ed1c7831722b962e7acfdcb7132f3ac12c6d696355d4a6a2351148bb0754a1418814539b1fde8347b9b20b60f5b25a6f6ed2b

    • SSDEEP

      6144:TkzytaJpnASmmaNGQ7DYMT1atZNtpTKIEHzCLAcKhIepZn6kdRphRUQP7LwW1:oytafAS/aNPwHbCcKeep5h/uQgW1

    Score
    10/10
    emotetepoch4bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks