emotet

General

Target

2eef2f88dc510ccfb6b90011eb308b90819efffc3bfa0c91a06d77d22d5386ac
Size

60KB
Sample

220222-h3y34seaa6
MD5

4f2b2f25dfdf2822a3d891a276069ff1
SHA1

411de06d6253b75c17a9c47b9c44650f5187d6a3
SHA256

2eef2f88dc510ccfb6b90011eb308b90819efffc3bfa0c91a06d77d22d5386ac
SHA512

68e29d6e080b3c5e241deb4023da3268073f1183c75edd954966227bff0d282a700553abac27e4109c62157e36b7d60520d67268d80ecea71854848f8228abc1

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

108.6.140.26:80

70.184.9.39:8080

222.144.13.169:80

45.55.65.123:8080

217.160.19.232:8080

176.9.43.37:8080

5.199.130.105:7080

202.175.121.202:8090

91.205.215.66:443

120.150.246.241:80

74.130.83.133:80

105.247.123.133:8080

190.12.119.180:443

37.187.72.193:8080

190.146.205.227:8080

200.21.90.5:443

206.189.112.148:8080

92.222.216.44:8080

24.94.237.248:80

2.237.76.249:80

rsa_pubkey.plain

Targets

- Target
  
  2eef2f88dc510ccfb6b90011eb308b90819efffc3bfa0c91a06d77d22d5386ac
- Size
  
  60KB
- MD5
  
  4f2b2f25dfdf2822a3d891a276069ff1
- SHA1
  
  411de06d6253b75c17a9c47b9c44650f5187d6a3
- SHA256
  
  2eef2f88dc510ccfb6b90011eb308b90819efffc3bfa0c91a06d77d22d5386ac
- SHA512
  
  68e29d6e080b3c5e241deb4023da3268073f1183c75edd954966227bff0d282a700553abac27e4109c62157e36b7d60520d67268d80ecea71854848f8228abc1
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2