emotet

General

Target

xxxxxxxxe5.dll
Size

624KB
Sample

220103-lc36xsbbf6
MD5

3ee41be0b69c583d608863f50ffe274f
SHA1

ea4953c05055d568e40a9f5f5c220f13585754d4
SHA256

38088b8aefc9457e0c3694c83d69329695407dd6e9ff512285445ea15c8663b6
SHA512

800ddcc5010fe768adc4c2fe6c0225bd1d02458d4a6bb7eba5c614c4d7c0f6e12d22d9a572e52ea4f9499950aaadfb1f1878eb3ead582f843fe187e9b754b460

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

45.63.5.129:443

128.199.192.135:8080

51.178.61.60:443

168.197.250.14:80

177.72.80.14:7080

51.210.242.234:8080

142.4.219.173:8080

78.47.204.80:443

78.46.73.125:443

37.44.244.177:8080

37.59.209.141:8080

191.252.103.16:80

54.38.242.185:443

85.214.67.203:8080

217.182.143.207:443

159.69.237.188:443

210.57.209.142:8080

54.37.228.122:443

207.148.81.119:8080

195.77.239.39:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  xxxxxxxxe5.dll
- Size
  
  624KB
- MD5
  
  3ee41be0b69c583d608863f50ffe274f
- SHA1
  
  ea4953c05055d568e40a9f5f5c220f13585754d4
- SHA256
  
  38088b8aefc9457e0c3694c83d69329695407dd6e9ff512285445ea15c8663b6
- SHA512
  
  800ddcc5010fe768adc4c2fe6c0225bd1d02458d4a6bb7eba5c614c4d7c0f6e12d22d9a572e52ea4f9499950aaadfb1f1878eb3ead582f843fe187e9b754b460
Score

10^/10

emotet epoch5 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2