emotet | 016ebc2084ea3bac72069e97b250bf2ea5cc74afda9179eb289b84f031d4f707 | Triage

Sharing

General

Target

dvbpurge.exe
Size

357KB
Sample

210420-lf32gymdej
MD5

2408f6020b4b93a433b3440f9966a906
SHA1

9ab9bd4e926bb3c20c6862d4f91c55c1541fcf90
SHA256

016ebc2084ea3bac72069e97b250bf2ea5cc74afda9179eb289b84f031d4f707
SHA512

c6f46ab8611bc2d2bf5d3e1aad3cd94ed50d7e1371ba8a0fd6e7a051e689efc505a8ced2b147989599fc29bb9568d7372e1360265ff57260ae5420f6b5e8bda3

Score

10^/10

emotet lea banker trojan

Malware Config

Extracted

Family

emotet

Botnet

LEA

C2

80.158.53.167:80

80.158.62.194:443

80.158.59.174:8080

80.158.43.136:80

80.158.3.161:443

80.158.51.209:8080

80.158.35.51:80

80.158.63.78:443

rsa_pubkey.plain

Targets

- Target
  
  dvbpurge.exe
- Size
  
  357KB
- MD5
  
  2408f6020b4b93a433b3440f9966a906
- SHA1
  
  9ab9bd4e926bb3c20c6862d4f91c55c1541fcf90
- SHA256
  
  016ebc2084ea3bac72069e97b250bf2ea5cc74afda9179eb289b84f031d4f707
- SHA512
  
  c6f46ab8611bc2d2bf5d3e1aad3cd94ed50d7e1371ba8a0fd6e7a051e689efc505a8ced2b147989599fc29bb9568d7372e1360265ff57260ae5420f6b5e8bda3
Score

10^/10

emotet lea banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

emotetleabankertrojan

behavioral2

emotetleabankertrojan