Overview

overview

10

Static

static

3

2024-03-04...id.exe

windows7-x64

10

2024-03-04...id.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-03-04_01033c1d1a2a2df9c4a394cf560064a1_icedid

  • Size

    536KB

  • Sample

    240304-vjh9rsfe41

  • MD5

    01033c1d1a2a2df9c4a394cf560064a1

  • SHA1

    3aa5909f11c031082370e5948db778cda89d28c7

  • SHA256

    31092b216b1e9237896d329fdca8a6f19ab9bd7da2a0e3db6c86a9a7b28eaff1

  • SHA512

    fde4797168844b24c9cfc27e204140ed8ca01e5222e075ed73cf7e290e66799ef31b715f9c620de5d1302237efe0c37caef64bc9ae893ba3297161c033ab82b1

  • SSDEEP

    12288:Z4h2IgEnTk6Fj/FY7NDmmw9ylxFqBQDBhKdlfMn:z4TkcrFcmmw9ylfqYPg

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

162.154.38.103:80

95.216.118.202:8080

60.250.78.22:443

120.151.135.224:80

101.187.97.173:80

185.94.252.104:443

168.235.67.138:7080

103.86.49.11:8080

92.222.216.44:8080

190.160.53.126:80

31.31.77.83:443

195.244.215.206:80

5.196.74.210:8080

79.45.112.220:80

41.60.200.34:80

95.213.236.64:8080

5.39.91.110:7080

58.171.38.26:80

209.151.248.242:8080

178.20.74.212:80
rsa_pubkey.plain

Targets

    • Target

      2024-03-04_01033c1d1a2a2df9c4a394cf560064a1_icedid

    • Size

      536KB

    • MD5

      01033c1d1a2a2df9c4a394cf560064a1

    • SHA1

      3aa5909f11c031082370e5948db778cda89d28c7

    • SHA256

      31092b216b1e9237896d329fdca8a6f19ab9bd7da2a0e3db6c86a9a7b28eaff1

    • SHA512

      fde4797168844b24c9cfc27e204140ed8ca01e5222e075ed73cf7e290e66799ef31b715f9c620de5d1302237efe0c37caef64bc9ae893ba3297161c033ab82b1

    • SSDEEP

      12288:Z4h2IgEnTk6Fj/FY7NDmmw9ylxFqBQDBhKdlfMn:z4TkcrFcmmw9ylfqYPg

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks