General

  • Target

    489628e1e917b3639dca68526cb5f2e219264beb1f2800e9b29765de190e0357N.exe

  • Size

    31KB

  • MD5

    951a6ab8d03e407c258a6e2d8e788e00

  • SHA1

    af3bb6df0ba9b1d450c0e8abd2667110bad0d95d

  • SHA256

    489628e1e917b3639dca68526cb5f2e219264beb1f2800e9b29765de190e0357

  • SHA512

    d963adeb8b02c06b78f459aa6fc59ff4d7acad684fd82ccf1e6dbc4db0f51959ecbc302ec32395af881e1a0e8e78e1ec0a4bf9571f46b339a80a87658e557e5b

  • SSDEEP

    768:CMZxWk/4D6acfuU4/PaxqsgoJ62Rk0oWKFrYR35MhTG6M:CML/favfsLQ2O0UY5mw

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

137.119.36.33:80

116.202.234.183:8080

69.30.203.214:8080

204.197.146.48:80

87.106.136.232:8080

153.163.83.106:80

91.211.88.52:7080

93.147.212.206:80

222.214.218.37:4143

189.212.199.126:443

203.153.216.189:7080

83.169.36.251:8080

188.83.220.2:443

104.236.246.93:8080

173.62.217.22:443

5.196.74.210:8080

68.188.112.97:80

139.130.242.43:80

61.19.246.238:443

24.179.13.119:80

rsa_pubkey.plain

Signatures

  • Emotet family
  • Emotet payload 1 IoCs

    Detects Emotet payload in memory.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 489628e1e917b3639dca68526cb5f2e219264beb1f2800e9b29765de190e0357N.exe
    .exe windows:6 windows x86 arch:x86

    Headers

    Sections