General

  • Target

    be5186eba9046829fe1e3e18dfe25af8afdd2d984b6d924ce550dfeb9493654d

  • Size

    364KB

  • Sample

    241113-waeqnawgpn

  • MD5

    952e6bcc61f509548b8e6069f143656b

  • SHA1

    a932f6f184da7ae3ce136b95a1b4ced674df864d

  • SHA256

    be5186eba9046829fe1e3e18dfe25af8afdd2d984b6d924ce550dfeb9493654d

  • SHA512

    0f00252994880f38b5b97b8cdb56b437a063034e9af2fefab8f5f15b793da1b986cc0a80bfb53b61242095acb16bc411f4b04e052fb22261220dac5ff7e47f42

  • SSDEEP

    6144:qRsMh9YQWtcgA70wgF7nJy/6CQK+kIVDRjudJMrt32fFcRmXIeJXjWMmAD:cvm9Y0HFLqRQKqV4epRmxAvAD

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch5

  • C2

    45.63.5.129:443
    128.199.192.135:8080
    51.178.61.60:443
    168.197.250.14:80
    177.72.80.14:7080
    51.210.242.234:8080
    142.4.219.173:8080
    78.47.204.80:443
    78.46.73.125:443
    37.44.244.177:8080
    37.59.209.141:8080
    191.252.103.16:80
    54.38.242.185:443
    85.214.67.203:8080
    217.182.143.207:443
    159.69.237.188:443
    210.57.209.142:8080
    54.37.228.122:443
    207.148.81.119:8080
    195.77.239.39:8080

  eck1.plain
  ecs1.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet family

    • Blocklisted process makes network request
