emotet | 0d7fc00dbc413ea4ab77ac56552291eece7a65361356c5b35e8b8b77d55c586d | Triage

Sharing

General

Target

0d7fc00dbc413ea4ab77ac56552291eece7a65361356c5b35e8b8b77d55c586d
Size

572KB
Sample

191202-5h68qnzyfs
MD5

315fd0b1ee4d5b46f0b75eb274a4bad7
SHA1

59e303ead4751afc8821a52c71c934a267acf3c8
SHA256

0d7fc00dbc413ea4ab77ac56552291eece7a65361356c5b35e8b8b77d55c586d
SHA512

b9859cc02c6eeb54991e2532bfc6ca2a12536221d9c955ee6d6462958ba31fa28dc38083dfd3681684b101d64994549929e25dbfbc4306485df9ba4b60b67252

Score

10^/10

emotet epoch3 banker evasion trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

72.69.99.47:80

190.5.162.204:80

123.142.37.165:80

50.63.13.135:8080

222.239.249.166:443

192.161.190.171:8080

80.93.48.49:7080

195.201.56.68:7080

181.44.166.242:80

161.18.233.114:80

51.38.134.203:8080

212.129.14.27:8080

172.90.70.168:443

45.129.121.222:443

189.180.105.125:443

186.66.224.182:990

122.11.164.183:80

138.197.140.163:8080

211.218.105.101:80

212.112.113.235:80

rsa_pubkey.plain

Targets

- Target
  
  0d7fc00dbc413ea4ab77ac56552291eece7a65361356c5b35e8b8b77d55c586d
- Size
  
  572KB
- MD5
  
  315fd0b1ee4d5b46f0b75eb274a4bad7
- SHA1
  
  59e303ead4751afc8821a52c71c934a267acf3c8
- SHA256
  
  0d7fc00dbc413ea4ab77ac56552291eece7a65361356c5b35e8b8b77d55c586d
- SHA512
  
  b9859cc02c6eeb54991e2532bfc6ca2a12536221d9c955ee6d6462958ba31fa28dc38083dfd3681684b101d64994549929e25dbfbc4306485df9ba4b60b67252
Score

10^/10

trojan banker emotet evasion
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Windows security modification
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

trojanbankerfamilyemotet

task2

trojanbankerfamilyemotet