General

  • Target

    c4e164c3a15000c87c79ef4bb49c4a5bc0e9f3859aa5576c4d43d8410467c886

  • Size

    373KB

  • Sample

    241113-rps5dasqdz

  • MD5

    7a3e3657dcb442c86d4aadd65881d577

  • SHA1

    b61e559ec9b23825a0e57344f6bf821b5676d753

  • SHA256

    c4e164c3a15000c87c79ef4bb49c4a5bc0e9f3859aa5576c4d43d8410467c886

  • SHA512

    d0bb2a89b1f2be430f3c3f3ada1d150ad03692c77dabc5f3bc6cc2a5ae4340e7f43a99b86bd213d3c4385157be71cdbdf11c57860aed69fb4fad008f8b3b01b6

  • SSDEEP

    6144:d+i9GB4uWu9aejOqelRrg+2CBpbEPwSIOydSy1oRGZFJwQ/9I:dKWUaLqWRgxkEPLyriGHGW9I

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

rsa_pubkey.plain

MITRE ATT&CK Enterprise v15

Tasks