General
-
Target
2025-02-27_e04ef63295ecda683a949ad6ac84e2d9_icedid_ramnit
-
Size
437KB
-
Sample
250227-h7srwszxbs
-
MD5
e04ef63295ecda683a949ad6ac84e2d9
-
SHA1
38738d42664fe9d82c71a7f4df3bcb665b39316e
-
SHA256
48ec51ec5d4347dff96e2e9212fdd88f1a21d471dc40c0f98517abe784673b49
-
SHA512
18f6653d66d17278fc73922518f916ae2eb0d985f0289738fba876e94816cdd1c9906803f3fcc9f441ccd2f3769fc31f7b1aa3aa8ae9419ff7df79d1a47b9eb5
-
SSDEEP
12288:GRX3wK9rybO3AlLBeTWi+eO6e2dAtyK0G+pG/YI:GRX3wK9ruO3Alpi+eO6e2mt2gYI
Malware Config
Extracted
emotet
Epoch2
64.88.202.250:80
212.51.142.238:8080
200.55.243.138:8080
104.236.246.93:8080
61.19.246.238:443
79.45.112.220:80
95.213.236.64:8080
169.239.182.217:8080
103.86.49.11:8080
87.106.139.101:8080
74.208.45.104:8080
113.160.130.116:8443
209.141.54.221:8080
203.153.216.189:7080
73.11.153.178:8080
186.208.123.210:443
37.187.72.193:8080
201.173.217.124:443
121.124.124.40:7080
24.1.189.87:8080
Targets
-
-
Target
2025-02-27_e04ef63295ecda683a949ad6ac84e2d9_icedid_ramnit
-
Size
437KB
-
MD5
e04ef63295ecda683a949ad6ac84e2d9
-
SHA1
38738d42664fe9d82c71a7f4df3bcb665b39316e
-
SHA256
48ec51ec5d4347dff96e2e9212fdd88f1a21d471dc40c0f98517abe784673b49
-
SHA512
18f6653d66d17278fc73922518f916ae2eb0d985f0289738fba876e94816cdd1c9906803f3fcc9f441ccd2f3769fc31f7b1aa3aa8ae9419ff7df79d1a47b9eb5
-
SSDEEP
12288:GRX3wK9rybO3AlLBeTWi+eO6e2dAtyK0G+pG/YI:GRX3wK9ruO3Alpi+eO6e2mt2gYI
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Emotet family
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-