Overview

overview

10

Static

static

3

2024-03-11...id.exe

windows7-x64

10

2024-03-11...id.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-03-11_da157cd6a4f108ba2572f21dc1eb10ca_icedid

  • Size

    364KB

  • Sample

    240311-3kxgsabg35

  • MD5

    da157cd6a4f108ba2572f21dc1eb10ca

  • SHA1

    d199b39a5035bd5044522a325cc3a9098d81717e

  • SHA256

    1cbb6e46c418b0d7c3c8a01b622c138eb3b4df93a896eaea3ea41e123d186e28

  • SHA512

    8d854bf86ef3378ced1ff61686f39c52b75b4c26af1a4e73a8e0351f3a516682ccbf2250e0409dc2664b99b2b63c6cdec20602c6a8af5e3b9ddbabc9266fc7b5

  • SSDEEP

    6144:aluOl/5G+wxIclfJXZzXGz4s0VSBo5pmZk3rX4:aAOlR5wxIclfzE4sXZk7

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

195.76.232.114:80

82.223.70.24:8080

45.33.49.124:443

136.243.205.112:7080

110.145.77.103:80

74.208.45.104:8080

24.94.237.248:80

186.208.123.210:443

67.235.68.222:80

209.151.248.242:8080

200.41.121.90:80

5.196.74.210:8080

201.173.217.124:443

185.155.20.82:80

139.130.242.43:80

114.145.241.208:80

168.235.67.138:7080

162.241.92.219:8080

98.156.206.153:80

101.187.97.173:80
rsa_pubkey.plain

Targets

    • Target

      2024-03-11_da157cd6a4f108ba2572f21dc1eb10ca_icedid

    • Size

      364KB

    • MD5

      da157cd6a4f108ba2572f21dc1eb10ca

    • SHA1

      d199b39a5035bd5044522a325cc3a9098d81717e

    • SHA256

      1cbb6e46c418b0d7c3c8a01b622c138eb3b4df93a896eaea3ea41e123d186e28

    • SHA512

      8d854bf86ef3378ced1ff61686f39c52b75b4c26af1a4e73a8e0351f3a516682ccbf2250e0409dc2664b99b2b63c6cdec20602c6a8af5e3b9ddbabc9266fc7b5

    • SSDEEP

      6144:aluOl/5G+wxIclfJXZzXGz4s0VSBo5pmZk3rX4:aAOlR5wxIclfzE4sXZk7

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks