General

  • Target

    d502cc0d441573fb675b5c6a88802986270957c15acc83d9dc839ba6012457e6

  • Size

    441KB

  • Sample

    241112-1m1acasbnh

  • MD5

    ee53a404c6218b079b5730a007f9be5a

  • SHA1

    1af052fee0d0958b8de4505da5681d66f8d664d9

  • SHA256

    d502cc0d441573fb675b5c6a88802986270957c15acc83d9dc839ba6012457e6

  • SHA512

    1682ecd296844f5c91d419050e079f28641e20db9741c522b42d7557928fb64f3d9e4c325660a4c606d57518f1d577fd6359beeed2d8e705624526512de005d3

  • SSDEEP

    12288:DrhD9rz65yICHiF7MP3g/qaUq36eQkEOYah61:3hprw3OcIfEqaUq3hxEOYae

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch4

  • C2

    162.241.79.26:8080
    186.250.48.117:7080
    103.134.85.85:80
    217.182.143.207:443
    207.38.84.195:8080
    177.87.70.10:8080
    212.237.56.116:7080
    176.56.128.118:443
    203.114.109.124:443
    212.237.17.99:8080
    176.104.106.96:8080
    45.118.135.203:7080
    79.172.212.216:8080
    50.116.54.215:443
    45.176.232.124:443
    162.243.175.63:443
    103.221.221.247:8080
    212.24.98.99:8080
    45.142.114.231:8080
    178.128.83.165:80

eck1.plain
ecs1.plain

Targets

    • Target

      f918b9c1312b32f0693abfa6d17833e70d50de198c029299d250b2023347bd81

    • Size

      817KB

    • MD5

      d4b40669040055b41934b1a031c1ce0a

    • SHA1

      86f18a9441d3504b35741d0693b8cd99c8abce0d

    • SHA256

      f918b9c1312b32f0693abfa6d17833e70d50de198c029299d250b2023347bd81

    • SHA512

      9a42e963dcb4189d482d9b02a2bdc9b75ffd36db1393a75745b1812d7b6401a2ccabb0d88efce5dc6eb01b34fc96ddb54b61685bc7a8d8bc85bc870c6818eb6f

    • SSDEEP

      12288:78u2rsRwkKeb6hsHN36rXeL09CTZ5X2wtRU3zaEq366QkkOYaPG8Lik:x206S49CTawtMaEq3XxkOYaTi

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet family

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks