emotet | 75d39cde8311668ffaea4a2211eb81690af2cfb39e8407dd73fdac3e1c7cc777 | Triage

Sharing

General

Target

n06o_993933.exe
Size

416KB
Sample

191203-x84qyz5x76
MD5

5b0af3dce15d92a5a7b8a37de83eeaa7
SHA1

6dcd0197106aad03ebb99fe5b48e07030eee313c
SHA256

75d39cde8311668ffaea4a2211eb81690af2cfb39e8407dd73fdac3e1c7cc777
SHA512

6c02ee833a5c348ebf81d00a27de74b727055636da4fb8cda0fbcc7f81d8627731c7af22842cb80b061f233d2f29791b1c1342c95d6fce611c7f5d28a7a4be61

Score

10^/10

emotet epoch3 banker evasion trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

178.153.91.22:80

92.17.138.248:80

114.183.140.94:80

172.105.213.30:80

69.30.205.162:7080

50.63.13.135:8080

192.161.190.171:8080

210.111.160.220:80

181.44.166.242:80

41.218.118.66:80

46.17.6.116:8080

142.93.87.198:8080

113.52.135.33:7080

187.177.155.123:990

172.90.70.168:443

198.57.217.170:8080

123.142.37.165:80

95.216.212.157:8080

187.250.92.82:80

216.75.37.196:8080

rsa_pubkey.plain

Targets

- Target
  
  n06o_993933.exe
- Size
  
  416KB
- MD5
  
  5b0af3dce15d92a5a7b8a37de83eeaa7
- SHA1
  
  6dcd0197106aad03ebb99fe5b48e07030eee313c
- SHA256
  
  75d39cde8311668ffaea4a2211eb81690af2cfb39e8407dd73fdac3e1c7cc777
- SHA512
  
  6c02ee833a5c348ebf81d00a27de74b727055636da4fb8cda0fbcc7f81d8627731c7af22842cb80b061f233d2f29791b1c1342c95d6fce611c7f5d28a7a4be61
Score

10^/10

trojan banker emotet evasion
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Windows security modification
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

trojanbankerfamilyemotet

task2

trojanbankerfamilyemotet