emotet

General

Target

16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709
Size

65KB
Sample

220222-tdf2saafh3
MD5

f32f76d54ea70f75302793d7e0f61762
SHA1

8c350b7e986a7b312ac42acaff91316f196ce06c
SHA256

16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709
SHA512

3dd0b97da2768fddda53ca1343b62527194f2f505c1a2fd80c406ae581a7fc718c939c4c1905fa1aaeaf8cd3dfeaff02823449a0506cc29598165602a61c62f9

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

192.241.220.155:8080

167.99.105.223:7080

176.31.200.130:8080

212.129.24.79:8080

94.177.216.217:8080

46.105.131.87:80

133.167.80.63:7080

167.71.10.37:8080

87.106.139.101:8080

144.139.247.220:80

217.160.182.191:8080

200.71.148.138:8080

186.4.172.5:8080

95.128.43.213:8080

27.147.163.188:8080

209.141.41.136:8080

186.4.172.5:20

115.78.95.230:443

104.236.246.93:8080

31.12.67.62:7080

rsa_pubkey.plain

Targets

- Target
  
  16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709
- Size
  
  65KB
- MD5
  
  f32f76d54ea70f75302793d7e0f61762
- SHA1
  
  8c350b7e986a7b312ac42acaff91316f196ce06c
- SHA256
  
  16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709
- SHA512
  
  3dd0b97da2768fddda53ca1343b62527194f2f505c1a2fd80c406ae581a7fc718c939c4c1905fa1aaeaf8cd3dfeaff02823449a0506cc29598165602a61c62f9
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2