General

  • Target

    446edd557bbf947210e4b5e35916802c9fc54c135ce1adaf75a5ce7c77fd9eb5

  • Size

    731KB

  • Sample

    241113-rh24pstdln

  • MD5

    af676f8f968660f93ca7f504002230cc

  • SHA1

    d82377ece57f1bc3659b69d9ed9f2f2bfba0a597

  • SHA256

    446edd557bbf947210e4b5e35916802c9fc54c135ce1adaf75a5ce7c77fd9eb5

  • SHA512

    4d2804ee60acae1dfc8f80ccccdcc0dcfc5992c66df7f0b3cdb3b5c6f442d64cf540630b63ef604c73b459de46b5e4206867f438977404e4eebc5c2521d7c69a

  • SSDEEP

    12288:GEn3gZiXE1ba0okX7/QUcwlh2zwsb4S6HJhTXrvw7xJj:GkgZiXbkDh2ksbh6HJhT+f

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

rsa_pubkey.plain
