Overview

overview

10

Static

static

10

reswnop_dump_SCY.exe

windows7-x64

10

reswnop_dump_SCY.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    reswnop_dump_SCY.zip

  • Size

    38KB

  • Sample

    240403-thpvgsff65

  • MD5

    efef517c221b230ea5a896fc2069d617

  • SHA1

    c5063106d99563b2c179334028dfa43554978e74

  • SHA256

    70e9ed213af7681bc327e68f13ebb886918c019f921ef9158d67fb1b5a3bc3e8

  • SHA512

    45504484d97e38a6c3eb62d8834e2453dcf5fbe36c2ac2247f8784963c0271c2e9dbc77d0ecde642f893002a54543ae8dffb798940aa635845f8760ad2eaeed1

  • SSDEEP

    768:Nc2xYde0lpMzfl7V8su+XWYXRS+tUgA7uQVilMdnK0ACzKju3Om8D:NAeopR2XRSuUh3ViqK0Uu+LD

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

201.184.105.242:443

24.45.195.162:7080

24.45.195.162:8443

94.192.225.46:80

80.11.163.139:443

133.167.80.63:7080

198.199.114.69:8080

80.79.23.144:443

192.254.173.31:8080

67.225.229.55:8080

190.108.228.48:990

62.75.187.192:8080

185.94.252.13:443

94.205.247.10:80

211.63.71.72:8080

59.103.164.174:80

192.81.213.192:8080

27.4.80.183:443

190.145.67.134:8090

115.78.95.230:443
rsa_pubkey.plain

Targets

    • Target

      reswnop_dump_SCY.exe

    • Size

      66KB

    • MD5

      dc1fc5c2cf85a91d947afe5a857759e7

    • SHA1

      60e3439fa769855f95d85f3e8147cab362c1ed35

    • SHA256

      ca8eb294ac7b0cf16e208d873a63dbe22feef25c6b386a5d5b5c5a4f20b58506

    • SHA512

      1b2cb16ae26881db2b2bc656a52dd392d62baa5e313be2af240d953d5693f0babe420482e4dcaeb76030e329f808af26cd5fffa9e919e3e1fdae74f41edda504

    • SSDEEP

      1536:PCqnWzK59110kPDokkUfwquy5crqORTxrRnXYezQzgMkP:6kp10k7fN5cGOFxrVXSy

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks