General

  • Target

    2772-5-0x00000000003E0000-0x00000000003FB000-memory.dmp

  • Size

    108KB

  • MD5

    502f7f8d60c1d07bc897715f4bbdd688

  • SHA1

    23b9354a8dcda53c107d4e587bb4cbec94acf306

  • SHA256

    85dd74874fa28f5e4872ab79027fdfe620f2489577a5ab7279e8bb4e5e9d0a88

  • SHA512

    e6d73e502e21f3e4eb861f68e183b29d6898c62fadb9596f305964f73638c696d31be4a7a375e70e6a102b5b711aeff3500570745426d5c809bb3cd357620411

  • SSDEEP

    1536:1DQ4kecO7wkMWmhfF1zo37URy8Eq2RL40/D/C9qBPDWqvbf2q8t:1MitOj2iP9qRWqvF

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

rsa_pubkey.plain

Signatures

  • Emotet family
  • Emotet payload 1 IoCs

    Detects Emotet payload in memory.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2772-5-0x00000000003E0000-0x00000000003FB000-memory.dmp
    .exe windows:6 windows x86 arch:x86

    Headers

    Sections