Overview

overview

10

Static

static

3

2024-02-04...id.exe

windows7-x64

10

2024-02-04...id.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-02-04_883297b2d82fcce435dcbe8ab8e38700_icedid

  • Size

    452KB

  • Sample

    240204-1clzzabcf4

  • MD5

    883297b2d82fcce435dcbe8ab8e38700

  • SHA1

    204dbd76e79a1be310b35bfbe8ecac7f6dcd0126

  • SHA256

    dec943a8eb5380fb1a717ce27e4a34a95656e2600c0b87fe7592d5b1b920491e

  • SHA512

    b279c4e60afddbcc84f19cbe927641f86aeb98e527f57a5f75f289ef458d28ae723e4644e2cebf903b6cbc6b54ee2f6a2a6e2dd1cb2b5b4096bab6d1cbbaa373

  • SSDEEP

    6144:avrPZDeMVjTPBlbG2Rmzd0OGKi7Os0WkM8ZVxAQcSahHe:o5l2zdAKiQWkrxT

Score
10/10
emotetepoch1bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

105.227.58.49:80

88.250.223.190:8080

47.146.42.234:80

96.126.121.64:443

104.236.137.72:8080

172.104.233.225:8080

85.234.143.94:8080

82.196.15.205:8080

91.205.215.57:7080

130.45.45.31:80

200.124.225.32:80

188.216.24.204:80

200.58.83.179:80

181.231.62.54:80

200.113.106.18:80

72.29.55.174:80

109.166.89.91:80

200.123.101.90:80

80.29.54.20:80

190.102.226.91:80
rsa_pubkey.plain

Targets

    • Target

      2024-02-04_883297b2d82fcce435dcbe8ab8e38700_icedid

    • Size

      452KB

    • MD5

      883297b2d82fcce435dcbe8ab8e38700

    • SHA1

      204dbd76e79a1be310b35bfbe8ecac7f6dcd0126

    • SHA256

      dec943a8eb5380fb1a717ce27e4a34a95656e2600c0b87fe7592d5b1b920491e

    • SHA512

      b279c4e60afddbcc84f19cbe927641f86aeb98e527f57a5f75f289ef458d28ae723e4644e2cebf903b6cbc6b54ee2f6a2a6e2dd1cb2b5b4096bab6d1cbbaa373

    • SSDEEP

      6144:avrPZDeMVjTPBlbG2Rmzd0OGKi7Os0WkM8ZVxAQcSahHe:o5l2zdAKiQWkrxT

    Score
    10/10
    emotetepoch1bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks