Overview

overview

10

Static

static

3

NA_NA_NA_6...JC.exe

windows7-x64

10

NA_NA_NA_6...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NA_NA_NA_6c549bc0bf134dexeex_JC.exe

  • Size

    204KB

  • Sample

    230725-s81h8sdf95

  • MD5

    6c549bc0bf134d49ea36a526dd119196

  • SHA1

    e7dde207d160fd094efccca8f36dc16187fc2c39

  • SHA256

    125d4c87d784130a32a23fea67c08638cff8bb5c632b3fcdafc264cead2a4aa5

  • SHA512

    91b6c4632e66ec73deea372cb67324be6ade51329d246cc79d017e8ccf7c8a828af71feeb7852ec5a654e2695f9daea588b1c9853e1ca0bf9a32e0f956848dfb

  • SSDEEP

    3072:1deZb7sxHATLP7lxpKQHwrgOwM3STFdoKlKl1YniB9OkWkCLoZxqYSYD:1da/sxHovJ1H6g8AF7Jn0Qy

Score
10/10
emotetepoch1bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

80.11.158.65:8080

91.236.4.234:443

190.147.137.153:443

192.241.143.52:8080

149.62.173.247:8080

190.17.195.202:80

77.55.211.77:8080

70.32.115.157:8080

83.169.21.32:7080

190.229.148.144:80

175.114.178.83:443

46.214.11.172:80

172.104.169.32:8080

70.32.84.74:8080

170.81.48.2:80

113.190.254.245:80

118.69.71.14:80

203.25.159.3:8080

190.47.227.130:80

177.139.131.143:443
rsa_pubkey.plain

Targets

    • Target

      NA_NA_NA_6c549bc0bf134dexeex_JC.exe

    • Size

      204KB

    • MD5

      6c549bc0bf134d49ea36a526dd119196

    • SHA1

      e7dde207d160fd094efccca8f36dc16187fc2c39

    • SHA256

      125d4c87d784130a32a23fea67c08638cff8bb5c632b3fcdafc264cead2a4aa5

    • SHA512

      91b6c4632e66ec73deea372cb67324be6ade51329d246cc79d017e8ccf7c8a828af71feeb7852ec5a654e2695f9daea588b1c9853e1ca0bf9a32e0f956848dfb

    • SSDEEP

      3072:1deZb7sxHATLP7lxpKQHwrgOwM3STFdoKlKl1YniB9OkWkCLoZxqYSYD:1da/sxHovJ1H6g8AF7Jn0Qy

    Score
    10/10
    emotetepoch1bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks