emotet

General

Target

12cea53b187c92750c027135784cb6366e6bf55121b6d9091fd9f8fcdfc670cf
Size

57KB
Sample

220222-wcczvachgp
MD5

47ab8895fdecb378d4f47d1ca2f05dc9
SHA1

9e8f8837111543157a51c033879a3c63e001b808
SHA256

12cea53b187c92750c027135784cb6366e6bf55121b6d9091fd9f8fcdfc670cf
SHA512

73a8594be0b3444ca81a4e761c26fd3deabf4f112243508a25702add203b2993a0c967de7e2d24cf0a8299b6427fbbe5df5d63b6bf61ee1157071ae26232b792

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

23.239.29.211:443

198.199.114.69:8080

80.79.23.144:443

186.4.172.5:20

31.12.67.62:7080

178.254.6.27:7080

178.79.161.166:443

87.106.139.101:8080

211.63.71.72:8080

87.230.19.21:8080

41.220.119.246:80

80.11.163.139:443

190.228.72.244:53

192.254.173.31:8080

190.53.135.159:21

212.71.234.16:8080

95.128.43.213:8080

190.108.228.48:990

85.104.59.244:20

190.106.97.230:443

rsa_pubkey.plain

Targets

- Target
  
  12cea53b187c92750c027135784cb6366e6bf55121b6d9091fd9f8fcdfc670cf
- Size
  
  57KB
- MD5
  
  47ab8895fdecb378d4f47d1ca2f05dc9
- SHA1
  
  9e8f8837111543157a51c033879a3c63e001b808
- SHA256
  
  12cea53b187c92750c027135784cb6366e6bf55121b6d9091fd9f8fcdfc670cf
- SHA512
  
  73a8594be0b3444ca81a4e761c26fd3deabf4f112243508a25702add203b2993a0c967de7e2d24cf0a8299b6427fbbe5df5d63b6bf61ee1157071ae26232b792
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2