emotet | 2c1d3996b5dcf03297c1ec77face21d06d9596e446c5910067274e1addb2a108 | Triage

Sharing

General

Target

2c1d3996b5dcf03297c1ec77face21d06d9596e446c5910067274e1addb2a108
Size

81KB
Sample

191217-gxtn18tjge
MD5

7fefc5b667d146a1a3e7924ceaf31de9
SHA1

51138fe7721ab97c05d41ae9bdb963393df808ee
SHA256

2c1d3996b5dcf03297c1ec77face21d06d9596e446c5910067274e1addb2a108
SHA512

53d04aaa3d8966bbe1b77ed04ec5a2b6218456c6cd71b5830089fc11b9cefd5e0ca3a8b19964767229d30680f99fa901b8517c61df1191810c1145295e6f38ea

Score

10^/10

emotet epoch3 banker dropper exploiter family maldoc trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.38.252.45:443

105.225.77.21:80

181.167.35.84:80

164.68.115.146:8080

5.189.148.98:8080

46.105.128.215:8080

69.30.205.162:7080

190.161.67.63:80

81.82.247.216:80

72.69.99.47:80

172.90.70.168:443

91.117.31.181:80

200.71.112.158:53

51.77.113.97:8080

190.101.87.170:80

96.234.38.186:8080

190.146.14.143:443

86.70.224.211:80

88.247.26.78:80

175.103.239.50:80

rsa_pubkey.plain

Targets

- Target
  
  2c1d3996b5dcf03297c1ec77face21d06d9596e446c5910067274e1addb2a108
- Size
  
  81KB
- MD5
  
  7fefc5b667d146a1a3e7924ceaf31de9
- SHA1
  
  51138fe7721ab97c05d41ae9bdb963393df808ee
- SHA256
  
  2c1d3996b5dcf03297c1ec77face21d06d9596e446c5910067274e1addb2a108
- SHA512
  
  53d04aaa3d8966bbe1b77ed04ec5a2b6218456c6cd71b5830089fc11b9cefd5e0ca3a8b19964767229d30680f99fa901b8517c61df1191810c1145295e6f38ea
Score

10^/10

dropper exploiter maldoc trojan banker family emotet
- Emotet Sync
  trojan banker
- emotet family
  family emotet
- Executes dropped EXE
- Drops Office document
  dropper exploiter maldoc
task1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

dropperexploitermaldoctrojanbankerfamilyemotet