emotet

General

Target

2ab11119dc0823558c7d415f5f22b87c37a525d70b56b4cab6126029423d76ea
Size

88KB
Sample

220222-kwlkjsehc5
MD5

870ea41121c3e2c2f79806ea6f23cddd
SHA1

50f8e475d775e3935f79bebc4f4289ef172d3b59
SHA256

2ab11119dc0823558c7d415f5f22b87c37a525d70b56b4cab6126029423d76ea
SHA512

51db7f8c50ed24706b6f31ebd4c8c03ff771d4516203b8160b8542d5c62121dc0c7b05316280aebe4915d7a968a6383407b509588392a77e8429a20217d9c1a1

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

80.11.163.139:443

85.54.169.141:8080

185.14.187.201:8080

45.79.188.67:8080

63.142.253.122:8080

24.51.106.145:21

91.205.215.66:8080

222.214.218.192:8080

80.11.163.139:21

190.108.228.48:990

88.247.163.44:80

88.156.97.210:80

95.128.43.213:8080

211.63.71.72:8080

182.176.132.213:8090

182.176.106.43:995

186.4.172.5:8080

178.79.161.166:443

101.187.237.217:20

136.243.177.26:8080

rsa_pubkey.plain

Targets

- Target
  
  2ab11119dc0823558c7d415f5f22b87c37a525d70b56b4cab6126029423d76ea
- Size
  
  88KB
- MD5
  
  870ea41121c3e2c2f79806ea6f23cddd
- SHA1
  
  50f8e475d775e3935f79bebc4f4289ef172d3b59
- SHA256
  
  2ab11119dc0823558c7d415f5f22b87c37a525d70b56b4cab6126029423d76ea
- SHA512
  
  51db7f8c50ed24706b6f31ebd4c8c03ff771d4516203b8160b8542d5c62121dc0c7b05316280aebe4915d7a968a6383407b509588392a77e8429a20217d9c1a1
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2