emotet | 9d13bfb3deff3b83ad20c1418ff95366756febcef669c135065eff5c8f100f95[.]exe

General

Target

9d13bfb3deff3b83ad20c1418ff95366756febcef669c135065eff5c8f100f95.exe
Size

65KB
MD5

1b77dcbec7bae456487eac4531ed9f1a
SHA1

116ac45d815ffeae45e69e6b3b62c8d0ba38d966
SHA256

9d13bfb3deff3b83ad20c1418ff95366756febcef669c135065eff5c8f100f95
SHA512

55a2d8c6fde400e0036a5adb7a988e3b9f771b023fa58a9182d526719d6708eb6dbf99a687af931440b511eecc2dfe41f4114b9d1eea6ebc1e895369f9a0c817
SSDEEP

1536:HSQpv/ns4Q6UxkPWrbvkM8qLv1ASGZq4nvM6cCrc5hf8ILVV2M8OrlZ:yQns4UxkesgASGZtM6VKVUQ

Score

10^/10

epoch3 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.38.252.45:443

105.225.77.21:80

181.167.35.84:80

164.68.115.146:8080

5.189.148.98:8080

46.105.128.215:8080

69.30.205.162:7080

190.161.67.63:80

81.82.247.216:80

72.69.99.47:80

172.90.70.168:443

91.117.31.181:80

200.71.112.158:53

51.77.113.97:8080

190.101.87.170:80

96.234.38.186:8080

190.146.14.143:443

86.70.224.211:80

88.247.26.78:80

175.103.239.50:80

rsa_pubkey.plain

Signatures

Emotet family
emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9d13bfb3deff3b83ad20c1418ff95366756febcef669c135065eff5c8f100f95.exe

Files

9d13bfb3deff3b83ad20c1418ff95366756febcef669c135065eff5c8f100f95.exe
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 17KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 17KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB