General

  • Target: bd2b0e07d426fc30d36dba99c9a26c0f98f0161484bc0920e70c12d49e0ecea3
  • Size: 209KB
  • Sample: 241112-zjph1a1dkk
  • MD5: 9ef1f63016e843cf4e84a860491d121b
  • SHA1: a1cdb331bd2abe8b643360984d5feff0a4c4520a
  • SHA256: bd2b0e07d426fc30d36dba99c9a26c0f98f0161484bc0920e70c12d49e0ecea3
  • SHA512: 3b3acb875a8346715fa024c798c8d78f15c47bd807be0dda7d0c763ae4ec712b30340ed248c1a943e5dff0d8aad83c247f87ce2e4a315ce3a7e55596e0a6e3ea
  • SSDEEP: 3072:MVaYmiLp+AO2e0qtDs+/Vy+29S9b+WWbyTOn5rnJRsMiQF0Vd9EkuejapPs:ymIYAO2ekvX9jbR53RFg+ejaF

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch2
  • C2


  • rsa_pubkey.plain

Targets


    • Emotet: Emotet is a trojan that is primarily spread through spam emails.
    • Emotet family
    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks