General

  • Target

    NEAS.befb1a966c87d19385ae81aaf3c89040.exe

  • Size

    204KB

  • Sample

    231111-p9fcxafe3v

  • MD5

    befb1a966c87d19385ae81aaf3c89040

  • SHA1

    4fa9cca13abbb7dad59da88d82728dc8f19deb50

  • SHA256

    8e198da7e6f48dab28c380878866bea34cf7e0d63fd55c83f9cddbf6ff24eedc

  • SHA512

    ab3c75c7a437bdd9623ebb39ed691bfd725299c380072bb0afd3b84f949d2c09434724cc541ed98c651558a032e3139c1693888a43a3ed598fe7a48a49ccba54

  • SSDEEP

    3072:kNsjnip4XgGOIcYEs+bG1Va/kqjT3ZNd3mncCuU0QNx84t7YitYvm3OXBmC:5iGXNxusqj9Knjtf04tzem300C

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

173.70.61.180:80

59.21.235.119:80

50.116.111.59:8080

173.249.20.233:443

188.165.214.98:8080

72.188.173.74:80

74.40.205.197:443

64.207.182.168:8080

97.120.3.198:80

190.29.166.0:80

123.176.25.234:80

155.186.9.160:80

138.68.87.218:443

139.99.158.11:443

78.24.219.147:8080

58.1.242.115:80

108.21.72.56:443

188.219.31.12:80

70.180.33.202:80

181.171.209.241:443

rsa_pubkey.plain

Targets

    • Target

      NEAS.befb1a966c87d19385ae81aaf3c89040.exe

    • Size

      204KB

    • MD5

      befb1a966c87d19385ae81aaf3c89040

    • SHA1

      4fa9cca13abbb7dad59da88d82728dc8f19deb50

    • SHA256

      8e198da7e6f48dab28c380878866bea34cf7e0d63fd55c83f9cddbf6ff24eedc

    • SHA512

      ab3c75c7a437bdd9623ebb39ed691bfd725299c380072bb0afd3b84f949d2c09434724cc541ed98c651558a032e3139c1693888a43a3ed598fe7a48a49ccba54

    • SSDEEP

      3072:kNsjnip4XgGOIcYEs+bG1Va/kqjT3ZNd3mncCuU0QNx84t7YitYvm3OXBmC:5iGXNxusqj9Knjtf04tzem300C

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request
