General

  • Target: stage2.exe

  • Size: 480KB

  • Sample: 231025-h2lrdseh99

  • MD5: 8db38c7f70214ee08e166cde8b9163c6

  • SHA1: e4c7cefcf2dcac80a8a555b73a07605b93a5447c

  • SHA256: 724dd5dad3c8c253663db43557712ac030b8228f9602030ff21ec61a5f9cb198

  • SHA512: 3579743c874e004c037dd4af3405ef6c588d46fc53dcb21100838c92b930be422add87deac284b1ead4d13ac94f45c78bf133c31d6edf6840cdfe673f5c7c203

  • SSDEEP: 6144:uynlP9ICFZAgfJhRCJUoF/XGm0FPrNB6VbdcGHQK0ZjUGjts1eYIGuP:uyl+mTySo52RtBiKGHMiG6UY8

Malware Config

Extracted

Family: emotet

Botnet: Epoch3

C2
rsa_pubkey.plain

Targets

    • Emotet: Emotet is a trojan that is primarily spread through spam emails.

    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks