emotet

General

Target

0c1e0e94c1f0563902772733765d822c28a4c92bee60602609dd8f0cea4ee069
Size

58KB
Sample

220222-zbt4hsddf4
MD5

96a8df3f39d930dd11ea0453c5d81497
SHA1

615ed7b29a61503c2d8b76615769279ff93dcdbf
SHA256

0c1e0e94c1f0563902772733765d822c28a4c92bee60602609dd8f0cea4ee069
SHA512

9d00921c6a3cd9fd31025ec33a6634602041d7ab808ffe98e695a9a16a13613e1b5a40aed2a8575e3ee9098c59310487a741d2e6c85f463005948984343f6929

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

91.121.116.137:443

80.79.23.144:443

192.254.173.31:8080

190.108.228.48:990

94.205.247.10:80

85.54.169.141:8080

190.145.67.134:8090

63.142.253.122:8080

62.75.187.192:8080

185.14.187.201:8080

91.205.215.66:8080

80.11.163.139:443

92.233.128.13:143

186.4.172.5:8080

190.211.207.11:443

136.243.177.26:8080

85.104.59.244:20

87.230.19.21:8080

189.209.217.49:80

222.214.218.192:8080

rsa_pubkey.plain

Targets

- Target
  
  0c1e0e94c1f0563902772733765d822c28a4c92bee60602609dd8f0cea4ee069
- Size
  
  58KB
- MD5
  
  96a8df3f39d930dd11ea0453c5d81497
- SHA1
  
  615ed7b29a61503c2d8b76615769279ff93dcdbf
- SHA256
  
  0c1e0e94c1f0563902772733765d822c28a4c92bee60602609dd8f0cea4ee069
- SHA512
  
  9d00921c6a3cd9fd31025ec33a6634602041d7ab808ffe98e695a9a16a13613e1b5a40aed2a8575e3ee9098c59310487a741d2e6c85f463005948984343f6929
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2