General

  • Target: 036251270339d7e33dafbe28ec623ea51b8e58950698db8c96c0623a40649990
  • Size: 266KB
  • Sample: 241112-zf7kea1bph
  • MD5: 89b3b26201398d8153fd2a68af7632f1
  • SHA1: e66152f962215b0ee982213c7c796e7ed3c64ab5
  • SHA256: 036251270339d7e33dafbe28ec623ea51b8e58950698db8c96c0623a40649990
  • SHA512: ebfe125fa7579d18e594a7d42d4439a2544b97012cae47db5d26b4276de60e15902adf88aa854f23ef3ab5a6cd5f27a77848c311e18e1d4abbaa40ef8d5b8d63
  • SSDEEP: 6144:xknN2QU6/ptQa+9VklB8xS4GA/mFCo9QNqbqz:2NZLh+SiS41CCo9Qwqz

Malware Config

Extracted

Family: emotet

Botnet: Epoch5

C2


eck1.plain
ecs1.plain

Targets

    • Target: 6e85a27cf74f3bd04b7cb220f986f8243a19c633ca6197001906905f4cb7f499
    • Size: 412KB
    • MD5: 21a968a1f0a00c028f1cb0d01e7d4455
    • SHA1: 27473fe04fed59668373ba1eef7713918d722e2b
    • SHA256: 6e85a27cf74f3bd04b7cb220f986f8243a19c633ca6197001906905f4cb7f499
    • SHA512: 9753ef1c4b49d1e3e33ce0960ef1220b3cd748674897fea9379e4ad8c3d3e8cc3aba4af7f3bec6c738a4888354b0fd88cba2e4333e7172afd3627401b72bcc2c
    • SSDEEP: 6144:aH0RW81UplEIb6hRAOf6DXyhCra8VCtS08OB8xS4GE/mFCo3QkgqbqAT:tFpMOfeihCraSuiS4zCCo3QkvqA

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet family

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks