emotet

Sharing

Copy URL

Twitter E-mail

General

Target

emotet-dll-20210122.zip
Size

1.9MB
Sample

210124-fat713befn
MD5

9d83fffe7bab2266e1c87a7c03c9a662
SHA1

0871c66cefad77e676b2d1f9aae60df172989311
SHA256

83e988460e2d1305223d78eed848f66fbe3fdfe9d6fa0a10a008e09867dc90cb
SHA512

ebc71d16adca8b1ee64c5a9cc9be8a285177ff0cdeba9b854feb89d522bff4f38bf0a1534bdbe98a557b494c5df793133359e7e338a5874ff1f8c609947f0e9d

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

181.10.46.92:80

2.58.16.88:8080

206.189.232.2:8080

178.250.54.208:8080

167.71.148.58:443

202.134.4.210:7080

187.162.248.237:80

78.206.229.130:80

85.214.26.7:8080

5.196.35.138:7080

1.226.84.243:8080

110.39.162.2:443

185.183.16.47:80

152.231.89.226:80

138.97.60.141:7080

94.176.234.118:443

46.101.58.37:8080

93.146.143.191:80

70.32.84.74:8080

137.74.106.111:7080

rsa_pubkey.plain

Extracted

Family

emotet

Botnet

Epoch2

12.175.220.98:80

162.241.204.233:8080

50.116.111.59:8080

172.86.188.251:8080

139.99.158.11:443

66.57.108.14:443

75.177.207.146:80

194.190.67.75:80

50.245.107.73:443

173.70.61.180:80

85.105.205.77:8080

104.131.11.150:443

62.75.141.82:80

70.92.118.112:80

194.4.58.192:7080

120.150.60.189:80

24.231.88.85:80

78.24.219.147:8080

110.142.236.207:80

119.59.116.21:8080

rsa_pubkey.plain

Extracted

Family

emotet

Botnet

Epoch3

132.248.38.158:80

203.157.152.9:7080

157.245.145.87:443

110.37.224.243:80

70.32.89.105:8080

185.142.236.163:443

192.241.220.183:8080

91.83.93.103:443

54.38.143.245:8080

192.210.217.94:8080

37.205.9.252:7080

78.90.78.210:80

182.73.7.59:8080

163.53.204.180:443

91.75.75.46:80

172.104.46.84:8080

161.49.84.2:80

27.78.27.110:443

203.160.167.243:80

109.99.146.210:8080

rsa_pubkey.plain

Targets

- Target
  
  E1-20210122_075422
- Size
  
  346KB
- MD5
  
  08667fc58fec60e818c3344ed718a1dd
- SHA1
  
  d7419be7b98d03cb1b8976d197404a253eef5fe4
- SHA256
  
  4f0aebbe2bd0308a5f20f96491a8c87875b2373da050bb36f8b9fc3200dc8215
- SHA512
  
  90d433aa772b3b974360cd5e52c8014fd2c73a0f4330d2386fcf5b3c501050d56e4d4fa897411f16d0ed7f92e9c94d2f152ea2baf18ed357d7b28f8080b857ac
Score

10^/10

emotet epoch1 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1
- Target
  
  E1-20210122_102150
- Size
  
  346KB
- MD5
  
  1542602628751eb95eecd6c00ff5cee8
- SHA1
  
  90c4d944f28167a4320c66a9efcab331e978f8d7
- SHA256
  
  f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5
- SHA512
  
  782bf6a3bbf7a2703f8ee30db9aa92153959bac402f8102f400cabba8427109cac4fef540cf9b6862f6b56db33c335e58c443d732d353f3538badbf0a1ff06a6
Score

10^/10

emotet epoch1 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral2
- Target
  
  E1-20210122_132254
- Size
  
  346KB
- MD5
  
  ab77ae5d3538208590adc70713cc7d24
- SHA1
  
  427a64f7ede53d79822ae0512fedac86bcf9eb6c
- SHA256
  
  705821903a8ccb6aee7e2a8d92b5426c06a4c41e58e546e86e441a0ad8718438
- SHA512
  
  7695dd573da976e92338893cf0f1b3626fbb27fb57f34deffff50353fdbb590783c5608dc7b1b13260e0c04275fffefbd2d690d61133f336b825a072a0c6ac7d
Score

10^/10

emotet epoch1 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral3
- Target
  
  E1-20210122_155035
- Size
  
  346KB
- MD5
  
  68fbd25cf911b291751d459fd8552b39
- SHA1
  
  c8183ad8df8a14240d338e980d5d08a6be26eb2d
- SHA256
  
  6e4515ded3e6594d4d3dc01b8fb6313b89c416df40cee77199584c70135b3bf0
- SHA512
  
  0b5e17b75ceb086ed75bee7e77d53f478efc05de0331dbc0294d46215fe8568fb4181943fbcf3a0b8102f862c590115e63d026e6e5bf6d6c125066c4aab47176
Score

10^/10

emotet epoch1 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral4
- Target
  
  E1-20210122_214129
- Size
  
  346KB
- MD5
  
  29b3ad80fb198c20c6ad6b5aa28d8aae
- SHA1
  
  984e89ae11076a7888d40b7d6b62f22250a6eb31
- SHA256
  
  2efa06684326e0ddd41effe4b815ad298de7d44dc61410514aa1035afbbcda98
- SHA512
  
  8797ac415b15cdcd1bee20e111513f56aba29127a101ca3e152e74af58c98bc5e9ac47748a760ac1f2e5a66f358897f506da3c86b66059783e45bc6f592c5c0c
Score

10^/10

emotet epoch1 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral5
- Target
  
  E2-20210122_075416
- Size
  
  340KB
- MD5
  
  87ab0405dd92650067542696ee0c2c98
- SHA1
  
  204e0200e2c648edf70d90472e0b6c4b15bc58c8
- SHA256
  
  8a87e9ca0011dced9b29abff8ffa438815ed675b7c9fcef3e546109a08f2ab45
- SHA512
  
  2fbb98040f88eb7d3f34157372db49fb7ee933bd63a59d74b1fd91d8ec0eaf065aa8cd69851ec75c2c379e174a3eaaf9d630f847bc525ba61fc127a68454e2d2
Score

10^/10

emotet epoch2 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral6
- Target
  
  E2-20210122_102146
- Size
  
  340KB
- MD5
  
  cb3264c6b1b9f10c432cfd8464c50c35
- SHA1
  
  58d376387ba8437f502f4a087aa6826039bc674b
- SHA256
  
  0144ced73c6e569dcdb09f96346999a95c1618fdee9a2a3b8b294b75339c8717
- SHA512
  
  f9025827eb5f295b11d8a27b6d31829c2c49fa7f7ca35cb4c83b6c185222cb77cd45adf263b2cd0bc7143f711570a42a71b4ca66e3097989f2f6f702ef5991f2
Score

10^/10

emotet epoch2 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral7
- Target
  
  E2-20210122_132251
- Size
  
  340KB
- MD5
  
  7bbc4b2dd2977b0682988e89a4ca34fc
- SHA1
  
  31ac1c750c4d752a5b1240ebb4e4dee7836adf5f
- SHA256
  
  78ba72e6c6c2557705b498d3305c87486c0733507ba0bea8f90b9b3fe04d7979
- SHA512
  
  474d0750a106fd6739faf288ae63d4b42eeb396d74e64931209a71d13318b31dbfe1f82e6f20b82f087733e228ef97d5db75f56e10fad6c8c4b7910d598158cc
Score

10^/10

emotet epoch2 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral8
- Target
  
  E2-20210122_155032
- Size
  
  340KB
- MD5
  
  26cc112b507116990d38d7ea12457d77
- SHA1
  
  8b731595006a801139760b06df0b26e83795e993
- SHA256
  
  7a09e26f28b9beeb66fbb7987994be6d6e0910a03ea2cf967901b4f42a8ab48d
- SHA512
  
  f541eba64546c32f54520a607b9a409d3b2053628bd3afbd0b857ccdd2c463da98aa3e55a6d1018fd9f20ed611d650f2bf1624c8bea260d97df1283399282b41
Score

10^/10

emotet epoch2 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral9
- Target
  
  E2-20210122_214126
- Size
  
  340KB
- MD5
  
  2433f3b275380a5c957172d625c3a2f8
- SHA1
  
  e5ff9fd44d7c05027a39b8b7f1d5900fe453ec75
- SHA256
  
  87db89ff155c548270afefa729c0cfc62f625b8267478b903ddeaa2cce7ad789
- SHA512
  
  e89c5bf1b0c3caf8ef985604b99d917e7a647ca92241718c0fa0cf5c86be15f2fb1e64eeb7c3f1e7fe8752813886ed0a9316a72985236b80d4fe4f3ebccf8d38
Score

10^/10

emotet epoch2 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral10
- Target
  
  E3-20210122_075431
- Size
  
  330KB
- MD5
  
  8d2f4a0fa3210f09a0b1e6d39596be02
- SHA1
  
  21d3798d1a29d9f66155f36539b514545ecbe6d2
- SHA256
  
  675242ac6a4551ef75937e33e617f536b9ff2bcfc0f208f8357ec123509859bb
- SHA512
  
  895e331dc99dfca3be7e61863ea178c8b3d5b231c1070f982267b570c65bfdba054cbea3d4e8a61dd82d138e9bb5a75905f320fdb0a68aa6576a4710322d7cc3
Score

10^/10

emotet epoch3 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral11
- Target
  
  E3-20210122_102153
- Size
  
  330KB
- MD5
  
  1513d704c7ac8b9fac87b48e8ff7df42
- SHA1
  
  b1e87ec3c5c5e94d4dcab79eee1bc934a219c96a
- SHA256
  
  8851470f7775abc97093e764fd32641c4e55e1f510a0ae697b168107c04d9d40
- SHA512
  
  c19fbbdec405743e04cfe3b399cf2b87c8bef8f3c133368d4d0b404be7525e54c165f4c4dfda3ba262326237e19ebbae9331b70085b8fb87d143634ccdfadaf3
Score

10^/10

emotet epoch3 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral12
- Target
  
  E3-20210122_132257
- Size
  
  330KB
- MD5
  
  39ceff3ce255345127cf39457fadf3b0
- SHA1
  
  dbd51fef9d49e2124aeb628da350282be4ea160d
- SHA256
  
  1affd2dfbe1066eb61a1f34564c2cdbb51b48416507d1ccf551bb9f5d5dc3248
- SHA512
  
  92a88565f6919375b751b66dfc252e7728bb285d091cb8a6f6dec82b96acf499aae1bbcd25de6edcf0b2feb1e438a596aa7b3b0bc3e42e7984d303982681286c
Score

10^/10

emotet epoch3 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral13
- Target
  
  E3-20210122_155039
- Size
  
  330KB
- MD5
  
  9fd0fb7aa4596c60af7215ae2e0ee308
- SHA1
  
  48ea4fdd108557529540568e2b26dbd3c4f69ac9
- SHA256
  
  80a2a7a9b7aba82b6a04a19170c2e85c3680881da0c00580721ac6b82136cff6
- SHA512
  
  b70a5d3f85a7337cc3daf1f0f7026d6d9f3927b482a9d4931c9b6bc4e11656277b99e5f747db0de37a661c828e032a1dfdad1a46ea7b27612ee09d666037e740
Score

10^/10

emotet epoch3 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral14
- Target
  
  E3-20210122_214135
- Size
  
  330KB
- MD5
  
  da2d0273101ed1b90f9b76c51a469733
- SHA1
  
  918f143d5385b9a72b624969f049bba8e45ff244
- SHA256
  
  4eb45e5798aa53064d06709eed3427021ccae1025806cb27d0482f2d20818fe2
- SHA512
  
  142b954b95934115b9c77145f087334e417d0a4bf97434836d40ba21ad66e514e776eab13bec239e2e56cf18b6549141db51d4a84a5c083170948c018c239051
Score

10^/10

emotet epoch3 banker ransomware trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral15

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Loads dropped DLL

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

Emotet

Blocklisted process makes network request

Drops file in System32 directory

Enumerates physical storage devices

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9