General

  • Target

    f55a95eb4a8ab6487f609e882b7661b06629598efc43a3d356d7db6eeb8b5cbb.exe

  • Size

    166KB

  • MD5

    945e0527715ccc21a7864fa0db183f87

  • SHA1

    307eee543b914a845d70ed84a318ca3f13138bb8

  • SHA256

    f55a95eb4a8ab6487f609e882b7661b06629598efc43a3d356d7db6eeb8b5cbb

  • SHA512

    98283931ef66bacf72ff07fe9506280e1afc5dd092da71153d9206f7615f0bec287825bb45136e8dedb1a8a98dc94d64ce885afba338adb6f6f4a171a7011c79

  • SSDEEP

    768:Gp/NkoQqsofmdHRZy6J7V4/OkZlYRacztLnkTlrMcG4UplGa6mroLeTQoohd9qxY:GI2VGTE0Truh28b44i6jBCbY

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

184.180.181.202:80

169.50.76.149:8080

162.241.140.129:8080

104.131.123.136:443

194.187.133.160:443

71.15.245.148:8080

37.139.21.175:8080

104.131.11.150:443

118.83.154.64:443

24.137.76.62:80

79.137.83.50:443

69.206.132.149:80

110.142.236.207:80

123.176.25.234:80

120.150.60.189:80

209.54.13.14:80

95.213.236.64:8080

209.141.54.221:8080

96.245.227.43:80

87.106.139.101:8080

rsa_pubkey.plain
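The extracted C2 list above is the most immediately actionable part of the report. The following Python script is an added example, not part of the sandbox report or its tooling: it parses the ip:port entries copied from the config above, groups them by port, and emits a per-endpoint Suricata rule set and a numeric-sorted blocklist. The rule SIDs, message text, classtype and the $HOME_NET variable are illustrative choices made here. Keep in mind that Emotet C2 lists rotate between builds, so ip:port matches are short-lived IOCs; the rules carry the botnet label ("Epoch2") so they can be retired as a set.

```python
"""Turn the extracted Emotet C2 list into blocklist and Suricata IOCs.

Added example, not part of the sandbox report or the sandbox's own tooling.
The endpoints below are copied from the "Malware Config" section above;
rule SIDs, message text and the $HOME_NET variable are illustrative choices.
"""
import ipaddress
import re
from collections import defaultdict

# Extracted C2 endpoints (ip:port), copied from the report above.
C2_CONFIG = """
184.180.181.202:80
169.50.76.149:8080
162.241.140.129:8080
104.131.123.136:443
194.187.133.160:443
71.15.245.148:8080
37.139.21.175:8080
104.131.11.150:443
118.83.154.64:443
24.137.76.62:80
79.137.83.50:443
69.206.132.149:80
110.142.236.207:80
123.176.25.234:80
120.150.60.189:80
209.54.13.14:80
95.213.236.64:8080
209.141.54.221:8080
96.245.227.43:80
87.106.139.101:8080
"""

ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_c2_list(text):
    """Parse ip:port lines into (ip, port) tuples. Malformed entries raise
    rather than being skipped, so a broken config extraction is noticed."""
    endpoints = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENDPOINT_RE.match(line)
        if not m:
            raise ValueError(f"malformed C2 entry: {line!r}")
        ip = ipaddress.ip_address(m.group(1))  # rejects octets above 255
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError(f"port out of range: {line!r}")
        endpoints.append((str(ip), port))
    return endpoints


def group_by_port(endpoints):
    """Map port -> list of IPs. This config mixes 80, 443 and 8080, so a
    port-only rule would be far too noisy; rules must be per endpoint."""
    by_port = defaultdict(list)
    for ip, port in endpoints:
        by_port[port].append(ip)
    return dict(by_port)


def suricata_rules(endpoints, family="emotet", botnet="Epoch2", base_sid=9000001):
    """One outbound alert rule per C2 endpoint, tagged with the botnet label
    so the whole set can be retired when the C2 list rotates."""
    rules = []
    for i, (ip, port) in enumerate(endpoints):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{family.upper()} {botnet} C2 {ip}:{port}"; '
            f'flow:to_server,established; classtype:trojan-activity; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


def blocklist(endpoints):
    """Unique C2 IPs in numeric order, for a firewall or proxy deny list."""
    return sorted({ip for ip, _ in endpoints}, key=ipaddress.ip_address)


if __name__ == "__main__":
    eps = parse_c2_list(C2_CONFIG)
    for port, ips in sorted(group_by_port(eps).items()):
        print(f"port {port}: {len(ips)} hosts")
    print("\n".join(suricata_rules(eps)))
```

Running the script prints the per-port host counts followed by twenty rules; feed the `blocklist()` output to whatever deny-list mechanism is in place and remember to pair it with the in-memory payload detection, since IP IOCs alone will age out quickly.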

Signatures

  • Emotet family
  • Emotet payload 1 IoCs

    Detects Emotet payload in memory.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
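The "Unsigned PE" signature is a check of the PE's certificate table. As an added example (not the sandbox's own detection code), the Python below performs that check with the standard library only: it walks the DOS and COFF headers to the security data directory (index 4, which holds a raw file offset rather than an RVA) and reports whether a PKCS#7 WIN_CERTIFICATE is embedded. It also reads the COFF Machine field, which is where the x86 tag above comes from. The fixture builders construct header-only PEs so the script runs offline; they are not loadable executables. This verifies presence only: an unsigned binary is not proof of malice, and an embedded signature is not proof of validity, which requires checking the certificate chain and the Authenticode hash separately.

```python
"""Check a PE file for an embedded Authenticode signature using only the
standard library (the "Unsigned PE" signature above is a check of this kind).

Added example, not the sandbox's own detection code. Presence is all this
verifies; chain validation and hash verification are out of scope here.
The build_* helpers construct header-only PE fixtures for testing.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "arm", 0xAA64: "arm64"}


def _pe_header_offset(data):
    """Validate the MZ and PE signatures and return the offset of 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew


def machine_arch(data):
    """Architecture from the COFF Machine field (0x14c -> x86, as tagged above)."""
    pe = _pe_header_offset(data)
    machine = struct.unpack_from("<H", data, pe + 4)[0]
    return MACHINE_NAMES.get(machine, f"unknown-{machine:#x}")


def security_directory(data):
    """Return (file_offset, size) of the certificate table. Unlike the other
    data directories this entry holds a raw file offset, not an RVA."""
    pe = _pe_header_offset(data)
    opt = pe + 4 + 20                       # skip 'PE\0\0' and the 20-byte COFF header
    try:
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
            raise ValueError(f"unknown optional header magic {magic:#x}")
        dir_start = opt + (96 if magic == PE32_MAGIC else 112)
        num_dirs = struct.unpack_from("<I", data, dir_start - 4)[0]  # NumberOfRvaAndSizes
        if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
            return 0, 0                     # directory table too short: no entry at all
        return struct.unpack_from("<II", data, dir_start + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc


def authenticode_status(data):
    """'unsigned', 'signed' (PKCS#7 WIN_CERTIFICATE present), 'truncated'
    (directory points outside the file) or the unexpected certificate type."""
    offset, size = security_directory(data)
    if offset == 0 and size == 0:
        return "unsigned"
    if size < 8 or offset + size > len(data):
        return "truncated"
    _length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    if cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return "signed"
    return f"unknown-cert-type-{cert_type:#x}"


def build_minimal_pe(security_offset=0, security_size=0, machine=0x14C, magic=PE32_MAGIC):
    """Constructed fixture: DOS stub, COFF header and an optional header with
    16 data directories and no sections. Enough for the header checks above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dir_start = 96 if magic == PE32_MAGIC else 112
    opt = bytearray(dir_start + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_start - 4, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dir_start + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     security_offset, security_size)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0102)
    return dos + b"PE\0\0" + coff + bytes(opt)


def build_signed_fixture():
    """Constructed fixture with a WIN_CERTIFICATE wrapper appended; the body
    is a placeholder, not a real PKCS#7 SignedData blob."""
    body = b"\x30\x82\x00\x00"                                  # placeholder bytes
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    header_len = len(build_minimal_pe())                        # table starts right after headers
    return build_minimal_pe(security_offset=header_len, security_size=len(cert)) + cert


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_signed_fixture()
    print(machine_arch(data), authenticode_status(data))
```

Run it with a sample path as the first argument to classify a real file; with no argument it classifies the constructed signed fixture. The "truncated" case matters in practice: a security directory that points past the end of the file is either a damaged download or a deliberately malformed header, and should be triaged rather than counted as "signed".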

Files

  • f55a95eb4a8ab6487f609e882b7661b06629598efc43a3d356d7db6eeb8b5cbb.exe
    .exe windows:6 windows x86 arch:x86


    Headers

    Sections