General

  • Target: 329568b06170787ffea31e8b4b99032e72378ed5f18235e32418e7c360d2e0ffN.exe

  • Size: 60KB

  • Sample: 241130-qv486avpbx

  • MD5: 2fa38dc215988975e971a85d58f2a400

  • SHA1: 073634fbbaca5164c985026cab16302ad7ec6717

  • SHA256: 329568b06170787ffea31e8b4b99032e72378ed5f18235e32418e7c360d2e0ff

  • SHA512: 0ea9a5dd41b8ffebb8985120d4941152cb7d7c520ebdb93ad2bb6b07e2caca3e8d1c8032d25748615d61b6f6b799ff106be2df505d211033880fc0a2d810d80a

  • SSDEEP: 1536:I2JC6yyC5sySGPukvCh1kscmssU359NstQRk13z5Pn2ESaw5:FJk5ssPuk6km9K5D3g3z5Po5

Malware Config

Extracted

  • Family: emotet

  • Botnet: Epoch2

C2

rsa_pubkey.plain

Targets

    • Emotet: Emotet is a trojan that is primarily spread through spam emails.

    • Emotet family

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks