emotet

General

Target

0371d4f04c68e560699e6a589492bcbcee67c5188973ed102dbc791059f6f741
Size

59KB
Sample

220223-amh3yshadj
MD5

ef3d2ab168550010abb419edb9d1ab93
SHA1

c552e7c0fd01dde456d5bc8c9d5c233af5793ba9
SHA256

0371d4f04c68e560699e6a589492bcbcee67c5188973ed102dbc791059f6f741
SHA512

804d92f499f56b298b918b973e2c42d859b7e5db7b35b9a5e7fd63595eed3e254cd3a1748a11844b227aa9393b6d61a1ccd8a98d14056a03a79d3419f587da4d

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

186.4.172.5:443

117.197.124.36:443

37.208.39.59:7080

186.4.172.5:8080

182.176.106.43:995

178.62.37.188:443

92.51.129.249:4143

92.222.125.16:7080

142.44.162.209:8080

31.12.67.62:7080

177.246.193.139:20

88.156.97.210:80

87.106.139.101:8080

136.243.177.26:8080

222.214.218.192:8080

87.230.19.21:8080

190.53.135.159:21

87.106.136.232:8080

178.79.161.166:443

206.189.98.125:8080

rsa_pubkey.plain

Targets

- Target
  
  0371d4f04c68e560699e6a589492bcbcee67c5188973ed102dbc791059f6f741
- Size
  
  59KB
- MD5
  
  ef3d2ab168550010abb419edb9d1ab93
- SHA1
  
  c552e7c0fd01dde456d5bc8c9d5c233af5793ba9
- SHA256
  
  0371d4f04c68e560699e6a589492bcbcee67c5188973ed102dbc791059f6f741
- SHA512
  
  804d92f499f56b298b918b973e2c42d859b7e5db7b35b9a5e7fd63595eed3e254cd3a1748a11844b227aa9393b6d61a1ccd8a98d14056a03a79d3419f587da4d
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2