emotet

General

Target

0ef65813ab5ad90d728bfe951b2c23bb36e9cb25d4c76959525859be8b0c8c32
Size

65KB
Sample

220222-xz7cmsdhgq
MD5

151b8048553fc049e478694822fe86af
SHA1

05c9624edbae54dbc770e5724be28ad137fe5a9a
SHA256

0ef65813ab5ad90d728bfe951b2c23bb36e9cb25d4c76959525859be8b0c8c32
SHA512

f503063747f0fcd9554416b2951db592c155306d24aadabaae7654b6c56522069687495775e4a51202c4a57175d0a0af5cbf517909dcaf45eec84d10de01bb1e

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

167.99.105.223:7080

176.31.200.130:8080

212.129.24.79:8080

37.187.2.199:443

198.199.114.69:8080

91.205.215.66:8080

190.145.67.134:8090

104.131.11.150:8080

67.225.229.55:8080

167.71.10.37:8080

138.201.140.110:8080

185.187.198.15:80

87.230.19.21:8080

185.94.252.13:443

190.53.135.159:21

87.106.139.101:8080

173.249.47.77:8080

169.239.182.217:8080

133.167.80.63:7080

92.222.216.44:8080

rsa_pubkey.plain

Targets

- Target
  
  0ef65813ab5ad90d728bfe951b2c23bb36e9cb25d4c76959525859be8b0c8c32
- Size
  
  65KB
- MD5
  
  151b8048553fc049e478694822fe86af
- SHA1
  
  05c9624edbae54dbc770e5724be28ad137fe5a9a
- SHA256
  
  0ef65813ab5ad90d728bfe951b2c23bb36e9cb25d4c76959525859be8b0c8c32
- SHA512
  
  f503063747f0fcd9554416b2951db592c155306d24aadabaae7654b6c56522069687495775e4a51202c4a57175d0a0af5cbf517909dcaf45eec84d10de01bb1e
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2