General

  • Target

    SecuriteInfo.com.Trojan.DownLoader34.12109.1134.21880

  • Size

    132KB

  • Sample

    200801-nsxc4c2g72

  • MD5

    11effe5091db5144b7f582ab2a75e6a1

  • SHA1

    874040946e21a5b9d18e2c5a7ac49ecec568b0ff

  • SHA256

    026c40840ea971b2f08195ae30cc3a46380ef06e94b73a7d41cb79fb8daa06a7

  • SHA512

    927c5c4bc218f4aa5efb5bc81a3241a4041fe56c5ee20ad89257877d312157c797f41ae0a21b23a83f0286e004c1d7f1de39279a36ada4ab32916a256fab7fbb

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

24.234.133.205:80

212.51.142.238:8080

37.187.72.193:8080

139.59.60.244:8080

168.235.67.138:7080

173.91.22.41:80

71.208.216.10:80

190.55.181.54:443

78.189.165.52:8080

104.131.44.150:8080

87.106.136.232:8080

203.153.216.189:7080

62.75.141.82:80

124.45.106.173:443

46.105.131.87:80

87.106.139.101:8080

50.116.86.205:8080

78.24.219.147:8080

47.153.182.47:80

162.154.38.103:80

rsa_pubkey.plain
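The extracted config is the actionable part of this report: twenty hard-coded C2 endpoints, several on the 7080/8080 listener ports that Emotet used alongside 80 and 443. The following Python is an added example, not part of the sandbox report: it copies the C2 list and hashes from the report into code, checks the hashes for truncation, parses the endpoints, hunts for contact with them in a Zeek-style conn.log excerpt (the log lines are constructed for the demo), and emits Suricata rules. The sid range is an assumption; choose a free local range before loading them. Treat the C2 list as a dated snapshot: the tier churns between samples, so its main value is retrospective hunting over the period this sample was live, not long-term IP blocking.

```python
import ipaddress

# C2 endpoints exactly as listed in the report's extracted config.
EMOTET_EPOCH2_C2 = """
24.234.133.205:80
212.51.142.238:8080
37.187.72.193:8080
139.59.60.244:8080
168.235.67.138:7080
173.91.22.41:80
71.208.216.10:80
190.55.181.54:443
78.189.165.52:8080
104.131.44.150:8080
87.106.136.232:8080
203.153.216.189:7080
62.75.141.82:80
124.45.106.173:443
46.105.131.87:80
87.106.139.101:8080
50.116.86.205:8080
78.24.219.147:8080
47.153.182.47:80
162.154.38.103:80
""".split()

# File hashes from the report; validate_hashes() catches a truncated copy-paste.
SAMPLE_HASHES = {
    "md5": "11effe5091db5144b7f582ab2a75e6a1",
    "sha1": "874040946e21a5b9d18e2c5a7ac49ecec568b0ff",
    "sha256": "026c40840ea971b2f08195ae30cc3a46380ef06e94b73a7d41cb79fb8daa06a7",
}
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes=SAMPLE_HASHES):
    """True only if every digest is lowercase hex of the right length for its algorithm."""
    return all(
        len(h) == HEX_LENGTHS[algo] and all(c in "0123456789abcdef" for c in h)
        for algo, h in hashes.items()
    )


def parse_c2(entries=EMOTET_EPOCH2_C2):
    """Parse 'ip:port' strings into {ip: {ports}}; raises ValueError on a malformed entry."""
    c2 = {}
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in {entry!r}")
        ip = str(ipaddress.ip_address(host))  # rejects anything that is not an IP
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {entry!r}")
        c2.setdefault(ip, set()).add(port)
    return c2


def nonstandard_ports(c2):
    """Listener ports other than 80/443; Emotet's 7080/8080 stand out in egress logs."""
    return sorted({p for ports in c2.values() for p in ports} - {80, 443})


# Constructed Zeek conn.log excerpt (tab-separated), not real traffic:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONSTRUCTED_CONN_LOG = """\
1596280000.1\tCa1\t10.0.0.12\t51234\t212.51.142.238\t8080\ttcp
1596280001.2\tCa2\t10.0.0.12\t51235\t93.184.216.34\t443\ttcp
1596280002.3\tCa3\t10.0.0.40\t51236\t168.235.67.138\t7080\ttcp
1596280003.4\tCa4\t10.0.0.40\t51237\t24.234.133.205\t8080\ttcp
1596280004.5\tCa5\t10.0.0.77\t51238\t190.55.181.54\t443\ttcp
"""


def hunt_conn_log(log_text, c2):
    """Return (src, dst, dport, port_matches_config) for each flow to a C2 IP.

    False in the last field means the IP is in the config but the port is not:
    still worth triage rather than dismissal, since listeners move between ports.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split("\t")
        src, dst, dport = f[2], f[4], int(f[5])
        if dst in c2:
            hits.append((src, dst, dport, dport in c2[dst]))
    return hits


def suricata_rules(c2, sid_base=9000000):
    """One alert rule per C2 endpoint. The sid range is an assumption; use a free local range."""
    rules = []
    endpoints = sorted((ip, p) for ip, ports in c2.items() for p in ports)
    for sid, (ip, port) in enumerate(endpoints, start=sid_base):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch2 C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2()
    print("hashes well-formed:", validate_hashes())
    print("non-standard C2 ports:", nonstandard_ports(c2))
    for hit in hunt_conn_log(CONSTRUCTED_CONN_LOG, c2):
        print("C2 contact:", hit)
    print("\n".join(suricata_rules(c2)[:3]))
```

Matching on destination IP first and port second is deliberate: a flow to a listed IP on an unlisted port is reported with the flag cleared instead of dropped, so an analyst sees it and decides. The hash check exists because digests copied out of a report are the IOC most often mangled in transit; a 63-character SHA256 silently matches nothing.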

Targets

    • Target

      SecuriteInfo.com.Trojan.DownLoader34.12109.1134.21880

    • Size

      132KB

    • MD5

      11effe5091db5144b7f582ab2a75e6a1

    • SHA1

      874040946e21a5b9d18e2c5a7ac49ecec568b0ff

    • SHA256

      026c40840ea971b2f08195ae30cc3a46380ef06e94b73a7d41cb79fb8daa06a7

    • SHA512

      927c5c4bc218f4aa5efb5bc81a3241a4041fe56c5ee20ad89257877d312157c797f41ae0a21b23a83f0286e004c1d7f1de39279a36ada4ab32916a256fab7fbb

    Score
    10/10
    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet Payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks