General

  • Target

    ExeFile (201).exe

  • Size

    688KB

  • Sample

    240820-rgr74swcle

  • MD5

    f1359e084ec38b9fb26200c484261953

  • SHA1

    04c37418c9d269edab0b2fe478ba5235f43656be

  • SHA256

    b03ff55cd67297d4bfee7d88220f770c67db4fcab2076587e2afd398353c5365

  • SHA512

    503fe2a57c4741c6a5a6d3847a8c8a8b247db9618fa85ee6288e59fc490a0b3b37089dc11c5a7f2f108d0ff9baabcda4b52332078c80fceecd67c6941e690d2d

  • SSDEEP

    12288:J+fveUixLcAQE+SubhHBjoPkGStI4RgLSC:J3T1HQE0bJaPERo

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2


  • rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.
