Analysis

  • max time kernel
    132s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    28/02/2025, 19:09

General

  • Target

    2025-02-28_8504615e9124e3800e68a71010c8e36a_icedid.exe

  • Size

    272KB

  • MD5

    8504615e9124e3800e68a71010c8e36a

  • SHA1

    0f022eb7487adf42ed9b7d84f0b593b54d273520

  • SHA256

    c0ff535f5f1cd9a60a6c73729096bad6c8051edc21826351e02e7d701071cc52

  • SHA512

    60bb8de793bd581e2ede59fd255276ce58346f506c0486e2d91ade91a3f70b327f50f25a76bfe9069b4e711a37d3684f6f449de4060b31ef85bfdacda1dd150c

  • SSDEEP

    6144:fDC5yQfvp9e4YbTaPnEu/+6i5j0RgyJWIaMDILS8:LCBfvLoaPDHiCJgMDILS

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

140.186.212.146:80

85.214.28.226:8080

142.44.137.67:443

162.241.242.173:8080

24.43.99.75:80

120.150.60.189:80

189.212.199.126:443

98.109.204.230:80

174.45.13.118:80

95.213.236.64:8080

203.153.216.189:7080

188.219.31.12:80

168.235.67.138:7080

152.168.248.128:443

173.62.217.22:443

176.111.60.55:8080

201.173.217.124:443

112.185.64.233:80

190.160.53.126:80

37.139.21.175:8080

rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-02-28_8504615e9124e3800e68a71010c8e36a_icedid.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-28_8504615e9124e3800e68a71010c8e36a_icedid.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2484

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2484-0-0x00000000002C0000-0x00000000002CC000-memory.dmp

    Filesize

    48KB

  • memory/2484-4-0x00000000002B0000-0x00000000002B9000-memory.dmp

    Filesize

    36KB

  • memory/2484-5-0x00000000002C0000-0x00000000002CC000-memory.dmp

    Filesize

    48KB