Overview

overview

10

Static

static

3

2024-02-04...id.exe

windows7-x64

10

2024-02-04...id.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-02-04_a39781bf51beac13ded43cd4c1f8d540_icedid

  • Size

    366KB

  • Sample

    240204-2fwt1secan

  • MD5

    a39781bf51beac13ded43cd4c1f8d540

  • SHA1

    f473b2afcfc425aae04202e73a4471980c6d05d6

  • SHA256

    4c2914fe35459c54d3e39c9e1ec3b652ac55aaf0d080604d33f67480911c6053

  • SHA512

    52b40f5aaeb8e386d1e7274a6f81e254bc0979adb7080f97c6f243afbd1d865a044a9f968d46a6e1b3b299c98a3db4c76bf018fc749ff25f14a79f35f1612b01

  • SSDEEP

    6144:cQkmnkjT/I+MeJCXmI+M8oIjlRaX+TJ2qcB4QrDi02TjL+e9J:cQl2Me0+M8oII+9pLt9J

Score
10/10
emotetepoch3bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.38.252.45:443

105.225.77.21:80

181.167.35.84:80

164.68.115.146:8080

5.189.148.98:8080

46.105.128.215:8080

69.30.205.162:7080

190.161.67.63:80

81.82.247.216:80

72.69.99.47:80

172.90.70.168:443

91.117.31.181:80

200.71.112.158:53

51.77.113.97:8080

190.101.87.170:80

96.234.38.186:8080

190.146.14.143:443

86.70.224.211:80

88.247.26.78:80

175.103.239.50:80
rsa_pubkey.plain

Targets

    • Target

      2024-02-04_a39781bf51beac13ded43cd4c1f8d540_icedid

    • Size

      366KB

    • MD5

      a39781bf51beac13ded43cd4c1f8d540

    • SHA1

      f473b2afcfc425aae04202e73a4471980c6d05d6

    • SHA256

      4c2914fe35459c54d3e39c9e1ec3b652ac55aaf0d080604d33f67480911c6053

    • SHA512

      52b40f5aaeb8e386d1e7274a6f81e254bc0979adb7080f97c6f243afbd1d865a044a9f968d46a6e1b3b299c98a3db4c76bf018fc749ff25f14a79f35f1612b01

    • SSDEEP

      6144:cQkmnkjT/I+MeJCXmI+M8oIjlRaX+TJ2qcB4QrDi02TjL+e9J:cQl2Me0+M8oII+9pLt9J

    Score
    10/10
    emotetepoch3bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks