General

  • Target

    ab21d9a3ecdb7daed842bdcb6ab5e2ef7ca0ae3b1f4d57e5c02b7bc83dbbdcdd

  • Size

    32KB

  • MD5

    624898cf24e5cd8d7f8efc940b70f60e

  • SHA1

    54539c88d0689fa610ef2af2e7dbfd21a684ec64

  • SHA256

    ab21d9a3ecdb7daed842bdcb6ab5e2ef7ca0ae3b1f4d57e5c02b7bc83dbbdcdd

  • SHA512

    e9236a3bf2c49d05a91dbbee6971e895a9931b990cf8140f45709dd1f53a9e4fda37c2a5af88ba49e1dda7672a20f09123a4bee510286c64330b7e49a251e13e

  • SSDEEP

    768:Tc9g07jgntIjVCotcADUUdoMOwgs+SeEFx9Hm3Q:TcXgWEoWADTowgsyQlm3Q

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2

    112.78.142.170:80
    178.128.14.92:8080
    178.238.232.46:443
    185.142.236.163:443
    192.210.217.94:8080
    192.241.220.183:8080
    105.209.235.113:8080
    182.187.139.200:8080
    188.0.135.237:80
    201.213.177.139:80
    31.146.61.34:80
    202.5.47.71:80
    81.17.93.134:80
    192.163.221.191:8080
    97.104.107.190:80
    201.235.10.215:80
    181.114.114.203:80
    51.38.201.19:7080
    46.32.229.152:8080
    177.144.130.105:443

  • rsa_pubkey.plain
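Turning the extracted C2 list into something a SOC can act on is the usual next step. The script below is an added example, not part of the sandbox report or any Emotet tooling: it parses the ip:port entries above, sweeps a handful of constructed firewall log lines for connections to those hosts (reporting whether the port also matched the config, since Emotet hosts are seen on several ports over a campaign), and emits Suricata rules for each endpoint. The log format, the sample log lines and the starting SID (9000000) are assumptions for the demo.

```python
import ipaddress
import re

# Emotet Epoch3 C2 endpoints (ip:port) copied from the extracted config above.
C2_RAW = """
112.78.142.170:80
178.128.14.92:8080
178.238.232.46:443
185.142.236.163:443
192.210.217.94:8080
192.241.220.183:8080
105.209.235.113:8080
182.187.139.200:8080
188.0.135.237:80
201.213.177.139:80
31.146.61.34:80
202.5.47.71:80
81.17.93.134:80
192.163.221.191:8080
97.104.107.190:80
201.235.10.215:80
181.114.114.203:80
51.38.201.19:7080
46.32.229.152:8080
177.144.130.105:443
"""


def parse_c2(raw):
    """Turn 'ip:port' lines into {ip: {ports}}; a malformed IP raises ValueError."""
    table = {}
    for entry in raw.split():
        ip, _, port = entry.rpartition(":")
        ipaddress.ip_address(ip)          # validate before it reaches a blocklist
        table.setdefault(ip, set()).add(int(port))
    return table


C2 = parse_c2(C2_RAW)

# Constructed firewall log lines for the demo; these are not from the report.
SAMPLE_LOGS = [
    "2020-06-10T09:14:02Z action=allow src=10.20.1.15 dst=178.128.14.92 dport=8080 proto=tcp",
    "2020-06-10T09:14:05Z action=allow src=10.20.1.15 dst=142.250.74.78 dport=443 proto=tcp",
    "2020-06-10T09:15:41Z action=allow src=10.20.1.22 dst=51.38.201.19 dport=443 proto=tcp",
    "2020-06-10T09:16:07Z action=deny src=10.20.1.22 dst=185.142.236.163 dport=443 proto=tcp",
]

LOG_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def match_c2(lines, c2=C2):
    """Return one hit per log line whose destination IP is a known C2.

    Matching is on the IP alone: a port mismatch lowers confidence but does not
    clear the host. Denied connections count too; a blocked beacon still means
    the source host is infected.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if dst in c2:
            hits.append({
                "src": m["src"],
                "dst": dst,
                "dport": dport,
                "port_match": dport in c2[dst],   # exact ip:port from the config
                "line": line,
            })
    return hits


def suricata_rules(c2=C2, sid_base=9000000):
    """Emit one Suricata rule per ip:port. sid_base is an assumed local-range
    starting SID; pick one that does not collide with your existing rule sets."""
    rules = []
    ordered = sorted(c2.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    for ip, ports in ordered:
        for port in sorted(ports):
            rules.append(
                f'alert tcp $HOME_NET any -> {ip} {port} '
                f'(msg:"Emotet Epoch3 C2 {ip}:{port}"; flow:to_server; '
                f'classtype:trojan-activity; sid:{sid_base + len(rules)}; rev:1;)'
            )
    return rules


if __name__ == "__main__":
    for hit in match_c2(SAMPLE_LOGS):
        flag = "exact" if hit["port_match"] else "ip-only"
        print(f'{hit["src"]} -> {hit["dst"]}:{hit["dport"]} [{flag}]')
    print("\n".join(suricata_rules()))
```

In the constructed sample, 10.20.1.22 reaching 51.38.201.19 on 443 is flagged even though the config lists 7080 for that host; treat such ip-only hits as lower confidence but still worth a look at the source machine.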

Signatures

  • Emotet family
  • Emotet payload (1 IoC)

    Detects Emotet payload in memory.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
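The "Unsigned PE" signature is a header check: an Authenticode signature lives in the Attribute Certificate Table, pointed to by data directory entry 4 of the optional header, so an empty entry means there is nothing to verify. The script below is an added example, not the sandbox's own detection code. It walks the DOS, COFF and optional headers by hand (no pefile dependency), handles PE32 and PE32+, and treats a truncated directory table as "no certificate table". The build_minimal_pe fixture is a constructed header-only image used only to exercise the parser.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # index of the Certificate Table directory


def security_directory(pe):
    """Return (file_offset, size) of the Attribute Certificate Table, or (0, 0).

    Unlike other data directories this one holds a raw file offset, not an RVA,
    so the check needs no section mapping.
    """
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dirs = 96
    elif magic == 0x20B:      # PE32+: data directories start at offset 112
        dirs = 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    number_of_dirs = struct.unpack_from("<I", pe, opt + dirs - 4)[0]
    entry = opt + dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # NumberOfRvaAndSizes <= 4 or an entry past the optional header: no table.
    if number_of_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return (0, 0)
    return struct.unpack_from("<II", pe, entry)


def is_unsigned(pe):
    """True when the PE carries no Authenticode certificate table at all."""
    offset, size = security_directory(pe)
    return size == 0 or offset == 0


def build_minimal_pe(cert_offset=0, cert_size=0):
    """Constructed fixture: a header-only PE32 image, not a real executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF: Machine=i386, 1 section, stamp, symtab ptr, nsyms,
    # SizeOfOptionalHeader=224, Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     cert_offset, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        data = f.read()
    if is_unsigned(data):
        print("unsigned")
    else:
        print("certificate table present: offset %#x, %d bytes" % security_directory(data))
```

A present certificate table only means a signature blob exists; it says nothing about whether the chain validates or the hash matches. For that, run the file through osslsigncode verify or PowerShell's Get-AuthenticodeSignature, and treat a present-but-invalid signature as at least as suspicious as none.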

Files

  • ab21d9a3ecdb7daed842bdcb6ab5e2ef7ca0ae3b1f4d57e5c02b7bc83dbbdcdd

    Type: .exe (Windows PE, x86)
    Tags: windows:6 windows x86 arch:x86
