General
-
Target
2772-5-0x00000000003E0000-0x00000000003FB000-memory.dmp
-
Size
108KB
-
MD5
502f7f8d60c1d07bc897715f4bbdd688
-
SHA1
23b9354a8dcda53c107d4e587bb4cbec94acf306
-
SHA256
85dd74874fa28f5e4872ab79027fdfe620f2489577a5ab7279e8bb4e5e9d0a88
-
SHA512
e6d73e502e21f3e4eb861f68e183b29d6898c62fadb9596f305964f73638c696d31be4a7a375e70e6a102b5b711aeff3500570745426d5c809bb3cd357620411
-
SSDEEP
1536:1DQ4kecO7wkMWmhfF1zo37URy8Eq2RL40/D/C9qBPDWqvbf2q8t:1MitOj2iP9qRWqvF
Malware Config
Extracted
emotet
Epoch3
221.147.142.214:80
188.40.170.197:80
51.38.50.144:8080
46.22.116.163:7080
190.151.5.131:443
58.27.215.3:8080
179.5.118.12:80
73.100.19.104:80
192.210.217.94:8080
192.163.221.191:8080
103.93.220.182:80
91.213.106.100:8080
190.192.39.136:80
115.79.59.157:80
190.164.135.81:80
91.83.93.103:443
188.166.220.180:7080
116.202.10.123:8080
36.91.44.183:80
77.74.78.80:443
153.229.219.1:443
190.191.171.72:80
78.186.65.230:80
37.205.9.252:7080
180.21.3.52:80
126.126.139.26:443
212.198.71.39:80
180.148.4.130:8080
190.55.186.229:80
190.117.101.56:80
5.79.70.250:8080
50.116.78.109:8080
185.142.236.163:443
116.91.240.96:80
42.200.96.63:80
190.85.46.52:7080
79.133.6.236:8080
24.231.51.190:80
8.4.9.137:8080
41.76.213.144:8080
175.103.38.146:80
178.33.167.120:8080
143.95.101.72:8080
109.206.139.119:80
121.117.147.153:443
75.127.14.170:8080
46.105.131.68:8080
195.201.56.70:8080
223.17.215.76:80
85.75.49.113:80
118.33.121.37:80
115.79.195.246:80
2.58.16.86:8080
172.96.190.154:8080
185.80.172.199:80
139.59.12.63:8080
120.51.34.254:80
45.239.204.100:80
113.203.238.130:80
190.96.15.50:443
91.75.75.46:80
185.208.226.142:8080
125.200.20.233:80
103.80.51.61:8080
123.216.134.52:80
119.92.77.17:80
203.56.191.129:8080
94.212.52.40:80
37.187.100.220:7080
103.229.73.17:8080
73.55.128.120:80
47.154.85.229:80
113.161.148.81:80
37.46.129.215:8080
139.59.61.215:443
60.125.114.64:443
203.153.216.178:7080
103.3.63.137:8080
109.13.179.195:80
172.105.78.244:8080
162.144.145.58:8080
213.165.178.214:80
88.247.58.26:80
118.243.83.70:80
198.20.228.9:8080
202.29.237.113:8080
113.193.239.51:443
74.208.173.91:8080
192.241.220.183:8080
157.7.164.178:8081
190.194.12.132:80
41.185.29.128:8080
95.76.142.243:80
110.37.224.243:80
54.38.143.245:8080
46.32.229.152:8080
Signatures
Files
-
2772-5-0x00000000003E0000-0x00000000003FB000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 41KB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ