emotet

General

Target

3172a83195215e12f5817d1cf310fd1571b6d4c299e95dd9502f5817475dc7de
Size

57KB
Sample

220222-gz5aaaddg5
MD5

47f484a5f13fc693edc664e0fd9beec7
SHA1

1d6610795dacc878d7a547100a477c5bcadf5174
SHA256

3172a83195215e12f5817d1cf310fd1571b6d4c299e95dd9502f5817475dc7de
SHA512

46d92575b94d8016902f7570fb1048134e4f869a112387d2bcc044ee6dc01f4e816d4f24c68f04b4adefa05d4a7677ce71862158bbcf064a0082f11973c9aaa2

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

148.72.151.34:8080

37.187.2.199:443

173.249.47.77:8080

189.159.113.125:8080

31.12.67.62:7080

186.75.241.230:80

124.240.198.66:80

45.33.54.74:443

67.225.229.55:8080

104.131.11.150:8080

104.236.246.93:8080

87.230.19.21:8080

94.177.216.217:8080

189.209.217.49:80

185.187.198.15:80

62.75.187.192:8080

200.51.94.251:80

152.89.236.214:8080

181.143.194.138:443

87.106.139.101:8080

rsa_pubkey.plain

Targets

- Target
  
  3172a83195215e12f5817d1cf310fd1571b6d4c299e95dd9502f5817475dc7de
- Size
  
  57KB
- MD5
  
  47f484a5f13fc693edc664e0fd9beec7
- SHA1
  
  1d6610795dacc878d7a547100a477c5bcadf5174
- SHA256
  
  3172a83195215e12f5817d1cf310fd1571b6d4c299e95dd9502f5817475dc7de
- SHA512
  
  46d92575b94d8016902f7570fb1048134e4f869a112387d2bcc044ee6dc01f4e816d4f24c68f04b4adefa05d4a7677ce71862158bbcf064a0082f11973c9aaa2
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2