General

  • Target

    SecuriteInfo.com.Trojan.DownLoader34.3377.7998.9394

  • Size

    636KB

  • Sample

    200801-nprzg2ylh2

  • MD5

    2b3b12de73f3e1ec04bde94ce331bd60

  • SHA1

    aad5ca44a3ccc45b155a5571f2a8163b15fce6c6

  • SHA256

    4275d585a3c1ae3f0d9c96d6dc0ff36256d403065308db6f5875c792835a6670

  • SHA512

    8442392f32939c6b0ecec5cbfdc25c449dc72dbb7c3ef6cee122138217f203e76988e21ae78c5a778c7fe43e48c6882733028a3130844cfb707ba68b1a1748cb

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

71.50.31.38:80

185.94.252.13:443

217.199.160.224:7080

181.167.96.215:80

111.67.12.221:8080

68.183.170.114:8080

212.71.237.140:8080

83.169.21.32:7080

190.6.193.152:8080

217.13.106.14:8080

181.31.211.181:80

177.66.190.130:80

192.241.146.84:8080

80.249.176.206:80

204.225.249.100:7080

137.74.106.111:7080

5.196.35.138:7080

104.131.103.37:8080

189.218.165.63:80

170.81.48.2:80

rsa_pubkey.plain
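The extracted config above is the operationally useful part of this report: twenty Emotet Epoch1 C2 endpoints on ports 80, 443, 7080 and 8080. The script below is an added example, not part of the sandbox report or of any Emotet tooling, showing what a responder typically does with such a list: parse it into validated (ip, port) pairs, group it by port, sweep Zeek-style conn.log records for connections to it (reporting address-only matches separately, since they are weaker evidence than an exact ip:port match), and emit one Suricata rule per endpoint. The conn.log records are constructed for the example; the sid_base value is an assumed local-rule range and not a real ruleset identifier.

```python
"""Turn the C2 list extracted from the Emotet config above into
machine-usable IOCs and sweep connection logs with them."""
import ipaddress
from typing import Iterable, NamedTuple

# C2 endpoints exactly as the sandbox extracted them from this sample's config.
EXTRACTED_C2 = """
71.50.31.38:80
185.94.252.13:443
217.199.160.224:7080
181.167.96.215:80
111.67.12.221:8080
68.183.170.114:8080
212.71.237.140:8080
83.169.21.32:7080
190.6.193.152:8080
217.13.106.14:8080
181.31.211.181:80
177.66.190.130:80
192.241.146.84:8080
80.249.176.206:80
204.225.249.100:7080
137.74.106.111:7080
5.196.35.138:7080
104.131.103.37:8080
189.218.165.63:80
170.81.48.2:80
"""


class Endpoint(NamedTuple):
    ip: str
    port: int


def parse_c2_list(text: str) -> list[Endpoint]:
    """Parse 'ip:port' lines into Endpoint tuples, rejecting malformed entries."""
    endpoints = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {line!r}")
        ipaddress.ip_address(host)  # raises ValueError if host is not a valid address
        endpoints.append(Endpoint(host, int(port)))
    return endpoints


def by_port(endpoints: Iterable[Endpoint]) -> dict[int, set[str]]:
    """Group C2 addresses by port, e.g. to see which ports an egress rule must cover."""
    groups: dict[int, set[str]] = {}
    for ep in endpoints:
        groups.setdefault(ep.port, set()).add(ep.ip)
    return groups


class Hit(NamedTuple):
    ts: str
    src: str
    dst: str
    port: int
    kind: str  # "exact" = ip and port match; "ip-only" = address seen on another port


def match_conn_log(lines: Iterable[str], endpoints: Iterable[Endpoint]) -> list[Hit]:
    """Sweep Zeek conn.log-style records (ts uid orig_h orig_p resp_h resp_p ...)
    for connections to the extracted C2 set. Header lines ('#...') are skipped."""
    eps = set(endpoints)
    ips = {ep.ip for ep in eps}
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()  # Zeek uses tabs; split() handles tabs and spaces
        ts, src, dst, port = fields[0], fields[2], fields[4], int(fields[5])
        if Endpoint(dst, port) in eps:
            hits.append(Hit(ts, src, dst, port, "exact"))
        elif dst in ips:
            hits.append(Hit(ts, src, dst, port, "ip-only"))
    return hits


def suricata_rules(endpoints: Iterable[Endpoint], sid_base: int = 9000000) -> list[str]:
    """Emit one Suricata alert rule per endpoint. sid_base is an assumed local-rule
    range (placeholder); choose one that does not collide with existing rulesets."""
    return [
        f'alert tcp $HOME_NET any -> {ep.ip} {ep.port} '
        f'(msg:"Emotet Epoch1 C2 {ep.ip}:{ep.port}"; sid:{sid_base + i}; rev:1;)'
        for i, ep in enumerate(endpoints)
    ]


# Constructed sample log, not from the report: four Zeek-style conn.log records
# (198.51.100.7 is a documentation-range address standing in for benign traffic).
SAMPLE_CONN_LOG = """\
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
1596297600.10 CAbc01 10.0.0.15 49812 185.94.252.13 443 tcp
1596297601.20 CAbc02 10.0.0.15 49813 198.51.100.7 443 tcp
1596297602.30 CAbc03 10.0.0.22 49900 71.50.31.38 8080 tcp
1596297603.40 CAbc04 10.0.0.22 49901 217.13.106.14 8080 tcp
"""

if __name__ == "__main__":
    c2 = parse_c2_list(EXTRACTED_C2)
    for port, addrs in sorted(by_port(c2).items()):
        print(f"port {port}: {len(addrs)} C2 addresses")
    for hit in match_conn_log(SAMPLE_CONN_LOG.splitlines(), c2):
        print(hit)
    print(suricata_rules(c2)[0])
```

Running it against the constructed log yields two exact hits (185.94.252.13:443 and 217.13.106.14:8080) and one ip-only hit (71.50.31.38 on 8080 rather than the configured 80). Keep in mind that Emotet C2 addresses churn quickly, so a list from a single sample is a point-in-time artifact: use it for retrospective sweeps of logs from around the sample's submission date, and refresh it from newer configs before relying on it for live blocking.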

Targets

    • Target

      SecuriteInfo.com.Trojan.DownLoader34.3377.7998.9394

    • Size

      636KB

    • MD5

      2b3b12de73f3e1ec04bde94ce331bd60

    • SHA1

      aad5ca44a3ccc45b155a5571f2a8163b15fce6c6

    • SHA256

      4275d585a3c1ae3f0d9c96d6dc0ff36256d403065308db6f5875c792835a6670

    • SHA512

      8442392f32939c6b0ecec5cbfdc25c449dc72dbb7c3ef6cee122138217f203e76988e21ae78c5a778c7fe43e48c6882733028a3130844cfb707ba68b1a1748cb

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet Payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks