emotet

General

Target

0c1ed39d9cccbc78f14972a83d4cb601ad08618ba19bec834a2061eec2abaab3
Size

772KB
Sample

220225-gkt6rsfae6
MD5

d614e5f85e2189407d452e6ed42453c9
SHA1

4c4a886e910ce80e012d93903838352a9f83ed69
SHA256

0c1ed39d9cccbc78f14972a83d4cb601ad08618ba19bec834a2061eec2abaab3
SHA512

9f40b5fd742fc29be5f72cce5aee792e4f991960ba297ed0540deae8ef436b0f691908b7411b6f4edf183f3003379705e0038024306cf74cc9dac701e7b59f1b

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

47.36.140.164:80

169.50.76.149:8080

162.241.140.129:8080

104.131.123.136:443

95.213.236.64:8080

130.0.132.242:80

123.176.25.234:80

46.105.131.79:8080

157.245.99.39:8080

79.98.24.39:8080

49.50.209.131:80

72.143.73.234:443

50.91.114.38:80

89.216.122.92:80

5.39.91.110:7080

121.124.124.40:7080

71.72.196.159:80

5.196.74.210:8080

139.162.108.71:8080

61.19.246.238:443

rsa_pubkey.plain

Targets

- Target
  
  0c1ed39d9cccbc78f14972a83d4cb601ad08618ba19bec834a2061eec2abaab3
- Size
  
  772KB
- MD5
  
  d614e5f85e2189407d452e6ed42453c9
- SHA1
  
  4c4a886e910ce80e012d93903838352a9f83ed69
- SHA256
  
  0c1ed39d9cccbc78f14972a83d4cb601ad08618ba19bec834a2061eec2abaab3
- SHA512
  
  9f40b5fd742fc29be5f72cce5aee792e4f991960ba297ed0540deae8ef436b0f691908b7411b6f4edf183f3003379705e0038024306cf74cc9dac701e7b59f1b
Score

10^/10

emotet epoch2 banker dave trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet Payload
  Detects Emotet payload in memory.
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet Payload

Dave packer

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2