Overview

overview

10

Static

static

3

2024-02-04...id.exe

windows7-x64

10

2024-02-04...id.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-02-04_6d17b047d6a365a3cb757d1ca8f36f30_icedid

  • Size

    312KB

  • Sample

    240204-1brh3adbhk

  • MD5

    6d17b047d6a365a3cb757d1ca8f36f30

  • SHA1

    fcde8f8f664b35b7ef2105a955bb8965e4b3eb9d

  • SHA256

    787f7c67829637a06ce057838823cf1f041c2532124fcab0dd76db5e8c6399f7

  • SHA512

    7c472d646c9ba11e83fb0a9f93ef4610303c43d6ed2e971eb2cf26afcc5c20f37a4eed1ec7fb582b2d8a0ba315c286cbfff28504f168ccd2af01f9b4a29e966b

  • SSDEEP

    6144:pph2KiYC3aZBTVItet3QlpLV0IjuKdJr2qKiTst:pViYC3aZU+3QuIjuKdwGg

Score
10/10
emotetepoch3bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

98.178.241.106:80

190.171.153.139:80

179.5.118.12:8080

45.79.75.232:8080

124.150.175.133:80

164.68.115.146:8080

5.189.148.98:8080

46.105.128.215:8080

67.254.196.78:443

95.216.207.86:7080

181.46.176.38:80

98.15.140.226:80

217.12.70.226:80

115.179.91.58:80

41.190.148.90:80

162.144.46.90:8080

211.218.105.101:80

212.129.14.27:8080

120.51.83.89:443

200.41.121.69:443
rsa_pubkey.plain

Targets

    • Target

      2024-02-04_6d17b047d6a365a3cb757d1ca8f36f30_icedid

    • Size

      312KB

    • MD5

      6d17b047d6a365a3cb757d1ca8f36f30

    • SHA1

      fcde8f8f664b35b7ef2105a955bb8965e4b3eb9d

    • SHA256

      787f7c67829637a06ce057838823cf1f041c2532124fcab0dd76db5e8c6399f7

    • SHA512

      7c472d646c9ba11e83fb0a9f93ef4610303c43d6ed2e971eb2cf26afcc5c20f37a4eed1ec7fb582b2d8a0ba315c286cbfff28504f168ccd2af01f9b4a29e966b

    • SSDEEP

      6144:pph2KiYC3aZBTVItet3QlpLV0IjuKdJr2qKiTst:pViYC3aZU+3QuIjuKdwGg

    Score
    10/10
    emotetepoch3bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks