General

  • Target

    4158dc52a323db3a5fc6a57fa1d1d650N

  • Size

    228KB

  • Sample

    240907-s9jl4stcqh

  • MD5

    4158dc52a323db3a5fc6a57fa1d1d650

  • SHA1

    16e7477238a530bd3a425fad35d897387fbd14a0

  • SHA256

    1ebfb90bc0b92fd2583876f7e57b53f8aed88e9457de8344037795e7c5530624

  • SHA512

    acc03a9a03b308907bd10d49d95543a140f85fa9a123a22967ea253e4a92fb5582a42d5fa0a8f057126e28aac5c37f4e89a82e39e8fafd205ef0cf2d5d1db8a5

  • SSDEEP

    6144:RO1SXBFFlLbOmcJgBh3D0B9Vbi7niG3lz:R3HiJgBhD9Vz

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

5.83.32.101:80

110.172.180.180:8080

203.157.152.9:7080

157.245.145.87:443

195.159.28.244:8080

116.202.10.123:8080

175.103.38.146:80

115.79.59.157:80

188.226.165.170:8080

58.27.215.3:8080

91.83.93.103:443

49.206.31.122:80

120.51.34.254:80

2.58.16.86:8080

5.79.70.250:8080

54.38.143.245:8080

27.78.27.110:443

45.230.45.171:443

74.208.173.91:8080

46.32.229.152:8080

rsa_pubkey.plain

Targets

    • Target

      4158dc52a323db3a5fc6a57fa1d1d650N

    • Size

      228KB

    • MD5

      4158dc52a323db3a5fc6a57fa1d1d650

    • SHA1

      16e7477238a530bd3a425fad35d897387fbd14a0

    • SHA256

      1ebfb90bc0b92fd2583876f7e57b53f8aed88e9457de8344037795e7c5530624

    • SHA512

      acc03a9a03b308907bd10d49d95543a140f85fa9a123a22967ea253e4a92fb5582a42d5fa0a8f057126e28aac5c37f4e89a82e39e8fafd205ef0cf2d5d1db8a5

    • SSDEEP

      6144:RO1SXBFFlLbOmcJgBh3D0B9Vbi7niG3lz:R3HiJgBhD9Vz

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks