Overview

overview

10

Static

static

3

2024-02-04...id.exe

windows7-x64

10

2024-02-04...id.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-02-04_8c45acd5a36f80316f1780f152ec2520_icedid

  • Size

    330KB

  • Sample

    240204-v225lafca8

  • MD5

    8c45acd5a36f80316f1780f152ec2520

  • SHA1

    7a3dc6cf45ecf9c580b3e6ffaee1b7371eecf36c

  • SHA256

    ab7a2f19137c8e58d60ac8f39a9d6e28ab2c31c27f27b035cabcb798f42af331

  • SHA512

    33cb226ac22d97c4a4cfe9779e1595f5678ff56006e1a7ea94233626c6bf94d0a9df9ff64ad0c0a46de58f05dbbe8ecfce9276669710788f3a06f36771b277b8

  • SSDEEP

    6144:CX4hDc/0NQ8aQlfXyrYb7uRBOAhP9wrtnWf84D3ejO+gGrR9eME:CXhMNtdXzbAPyABOS+gGr6

Score
10/10
emotetepoch1bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

73.60.8.210:80

74.59.187.94:80

96.38.234.10:80

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

80.85.87.122:8080

83.165.163.225:80

73.167.135.180:80

201.213.32.59:80

71.76.45.83:443

200.123.101.90:80

68.129.203.162:443

172.90.70.168:8080

116.48.138.115:80

159.203.204.126:8080

86.42.166.147:80

181.135.153.203:443

181.198.203.45:443

149.135.123.65:80
rsa_pubkey.plain

Targets

    • Target

      2024-02-04_8c45acd5a36f80316f1780f152ec2520_icedid

    • Size

      330KB

    • MD5

      8c45acd5a36f80316f1780f152ec2520

    • SHA1

      7a3dc6cf45ecf9c580b3e6ffaee1b7371eecf36c

    • SHA256

      ab7a2f19137c8e58d60ac8f39a9d6e28ab2c31c27f27b035cabcb798f42af331

    • SHA512

      33cb226ac22d97c4a4cfe9779e1595f5678ff56006e1a7ea94233626c6bf94d0a9df9ff64ad0c0a46de58f05dbbe8ecfce9276669710788f3a06f36771b277b8

    • SSDEEP

      6144:CX4hDc/0NQ8aQlfXyrYb7uRBOAhP9wrtnWf84D3ejO+gGrR9eME:CXhMNtdXzbAPyABOS+gGr6

    Score
    10/10
    emotetepoch1bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks