emotet | 88b02f80a2fbc3de5112a51b157dc4e720168eb289c652a9815c833234fa27c6N[.]exe

General

Target

88b02f80a2fbc3de5112a51b157dc4e720168eb289c652a9815c833234fa27c6N.exe
Size

65KB
MD5

6cd5ce179a2152af7f110eeedffa88b0
SHA1

f67738e9c8b0b01407e495d185106211ec562a53
SHA256

88b02f80a2fbc3de5112a51b157dc4e720168eb289c652a9815c833234fa27c6
SHA512

7663a5cc638e983a3261277c234ebdd18b7caa7ce97857a676e50a5671c965d1a2d72bdbad958c01ed91dd6c077b74ae34b2ab50417c6001dd34a3cc4657b8f6
SSDEEP

1536:HSQpv/ns4Q6UxkPWrbvkM8qLv1ASGZq4nvM6cCrc5hf8ILVV2M8Orlz:yQns4UxkesgASGZtM6VKVUA

Score

10^/10

epoch3 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.38.252.45:443

105.225.77.21:80

181.167.35.84:80

164.68.115.146:8080

5.189.148.98:8080

46.105.128.215:8080

69.30.205.162:7080

190.161.67.63:80

81.82.247.216:80

72.69.99.47:80

172.90.70.168:443

91.117.31.181:80

200.71.112.158:53

51.77.113.97:8080

190.101.87.170:80

96.234.38.186:8080

190.146.14.143:443

86.70.224.211:80

88.247.26.78:80

175.103.239.50:80

rsa_pubkey.plain

Signatures

Emotet family
emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88b02f80a2fbc3de5112a51b157dc4e720168eb289c652a9815c833234fa27c6N.exe

Files

88b02f80a2fbc3de5112a51b157dc4e720168eb289c652a9815c833234fa27c6N.exe
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 17KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 17KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB