General

  • Target: 8d6aec5dee69b0080de87df7fb88a566fb39a6d3cb2a1e28a3dd570658dcb97c
  • Size: 336KB
  • Sample: 241113-rqendatelj
  • MD5: a24fe179ffc3c47aa5cf3a5d39b0113d
  • SHA1: e32dc10bc9622fedc927507a3c831edf5fe659c8
  • SHA256: 8d6aec5dee69b0080de87df7fb88a566fb39a6d3cb2a1e28a3dd570658dcb97c
  • SHA512: ec47f91efc1e384b1060dfe0674b8440bc0d5d614af7251e9a2695b193fd6627f97dd9a9596d707ee9aa280342549875dc36a703a284e84a0c4c47ce74790b5d
  • SSDEEP: 6144:P3q5crb5h5lp2ZzBUdONOL4BdXE6264/U0RaGBM11tDs7QPvYEEPITFn:P3acrplp+yONOsC6pWi11tDqeREPITFn

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch2
  • C2:

  • rsa_pubkey.plain

Targets

MITRE ATT&CK Enterprise v15

Tasks