General
- Target: 6e6863e6018246db2bb8627be486e15891fafa1ff2bc0bef1eacae5ab2fb7208
- Size: 642KB
- Sample: 240302-l6fygscf63
- MD5: dc6d5b9adffd41177c17e0a3d67c6928
- SHA1: 1f8d5c603c8c0babd0bb4a70185ddbbeb0b57494
- SHA256: 6e6863e6018246db2bb8627be486e15891fafa1ff2bc0bef1eacae5ab2fb7208
- SHA512: 472c9e421b138c761a8616f8eb59ca61de86f85bc413889b4df64613206b6f7c55249d8192c8f22929b4a9ebf929e99c63698d3612baf2b344893352cbc3967c
- SSDEEP: 12288:SKErLbWywuqBlzeWJsc4guGuLfGqM6AhPoTVHeo0Wq7giXg:SK8EuqLzeWeKupLlM6MwTfq7
Static task: static1

Malware Config
- Extracted: emotet
- Epoch5
Targets
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory