Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/08/2024, 09:53 UTC

General

  • Target

    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe

  • Size

    368KB

  • MD5

    56c9e0c4be8a5d336a931f91a295cde0

  • SHA1

    0d8c65bc0a63b44c994403752d5fb061ffa80c8d

  • SHA256

    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b

  • SHA512

    a5099b8fe9f046d9fe1610fa1d9998d2288b1586a2aa733a540807dfbc89a7489e0c4de6e6fa4be84be7e4dfb0add9f0719a13fb2c2f13ec43ae06f9a16270b7

  • SSDEEP

    6144:uojuHSMCSMaCDt/9+TfRLtyqlE1uAEO+oCek1jb1RJGJvA+BmAI+7k+V8ckd4mqg:uoT8Cj3YoCe8x0vZD4Jc6w

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2


rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    "C:\Users\Admin\AppData\Local\Temp\20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:628

Network

  • 177.107.79.214:8080
    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    152 B
    3
  • 177.107.79.214:8080
    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    152 B
    3
  • 98.103.204.12:443
    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    152 B
    3
  • 98.103.204.12:443
    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    152 B
    3
  • 59.148.253.194:8080
    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    152 B
    3
  • 59.148.253.194:8080
    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    152 B
    3
  • 172.86.186.21:8080
    20a674bbb373d0119df65976c7f801b1df39af13dfff74f03beea18a34649c7b.exe
    52 B
    1

MITRE ATT&CK Enterprise v15

Downloads

  • memory/628-8-0x00000000002A0000-0x00000000002C0000-memory.dmp

    Filesize

    128KB

  • memory/628-4-0x0000000000340000-0x0000000000361000-memory.dmp

    Filesize

    132KB

  • memory/628-0-0x00000000002C0000-0x00000000002E3000-memory.dmp

    Filesize

    140KB
