Overview

overview

10

Static

static

3

19cef75628...87.exe

windows7-x64

10

19cef75628...87.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19cef7562887e33b0325cd3b20906c87

  • Size

    578KB

  • Sample

    231230-qlp3waadd4

  • MD5

    19cef7562887e33b0325cd3b20906c87

  • SHA1

    fffb2257ac5ba63707e4d0f6aab20e6544a33dcb

  • SHA256

    934cecf8e3c6cb783c0618b9ebe980fda93d630eec67386362f689efc6ca8d4c

  • SHA512

    dd5e379bcb50443ce5556d224c54ea1fc1c79ff2fd4cce124363aad9f5c7e0d3f50533c32ef8c4871f218a634bc1e669a9ab7a343e17fc4e05d82be0e61366a3

  • SSDEEP

    12288:weR8tZORi7suUDGoqRq7nPwNQvOINPA+Mmd:p2fOpxq08NAOIV13

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

212.71.234.16:8080

78.47.106.72:8080

165.227.156.155:443

192.241.255.77:8080

149.202.153.252:8080

144.139.247.220:80

159.65.25.128:8080

211.63.71.72:8080

45.33.49.124:443

186.4.172.5:20

179.12.170.148:8080

103.39.131.88:80

190.53.135.159:21

37.157.194.134:443

181.31.213.158:8080

104.239.175.211:8080

85.104.59.244:20

80.11.163.139:21

176.31.200.130:8080

217.160.182.191:8080
rsa_pubkey.plain

Targets

    • Target

      19cef7562887e33b0325cd3b20906c87

    • Size

      578KB

    • MD5

      19cef7562887e33b0325cd3b20906c87

    • SHA1

      fffb2257ac5ba63707e4d0f6aab20e6544a33dcb

    • SHA256

      934cecf8e3c6cb783c0618b9ebe980fda93d630eec67386362f689efc6ca8d4c

    • SHA512

      dd5e379bcb50443ce5556d224c54ea1fc1c79ff2fd4cce124363aad9f5c7e0d3f50533c32ef8c4871f218a634bc1e669a9ab7a343e17fc4e05d82be0e61366a3

    • SSDEEP

      12288:weR8tZORi7suUDGoqRq7nPwNQvOINPA+Mmd:p2fOpxq08NAOIV13

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks