emotet | 108a99b32b88bc7c77d66f1490a664a2ee46c79496679395af73c1b9c35d9e88

General

Target

108a99b32b88bc7c77d66f1490a664a2ee46c79496679395af73c1b9c35d9e88
Size

33KB
MD5

b9974d9508d4149f615363f6552dfc89
SHA1

85388e3ea7134d405e0505eb9a1820434f2fa002
SHA256

108a99b32b88bc7c77d66f1490a664a2ee46c79496679395af73c1b9c35d9e88
SHA512

e110efbca7a02ec51286962918e084f6f6a1802c092ccac6b139e715c223480f622d5ea0a0f80e97dbfc0416e65f6a72aebedcf804666f2940f69c4cad67cd8c
SSDEEP

768:Q3K7wR7P05lFmRAwUhvGu+nO6y8DM1S1ouKkkUw8sl+onwvP1gMK0V:sK7w1QFZhupOwDMtuKkkDxIowvP1xK0V

Score

10^/10

trojan banker epoch1 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

177.73.0.98:443

185.94.252.13:443

5.196.35.138:7080

191.182.6.118:80

2.47.112.152:80

77.90.136.129:8080

144.139.91.187:443

192.241.146.84:8080

186.70.127.199:8090

149.62.173.247:8080

181.167.96.215:80

50.28.51.143:8080

177.66.190.130:80

111.67.12.221:8080

45.161.242.102:80

177.144.135.2:80

191.99.160.58:80

192.241.143.52:8080

80.249.176.206:80

190.17.195.202:80

rsa_pubkey.plain

Signatures

Emotet family
emotet
Emotet payload 1 IoCs
Detects Emotet payload in memory.
trojan banker

Processes:

resource yara_rule

sample emotet

resource	yara_rule
sample	emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
108a99b32b88bc7c77d66f1490a664a2ee46c79496679395af73c1b9c35d9e88

Files

108a99b32b88bc7c77d66f1490a664a2ee46c79496679395af73c1b9c35d9e88
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 512B - Virtual size: 102B

.data Size: 3KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 512B - Virtual size: 360B

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 512B - Virtual size: 102B

.data
Size: 3KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 360B