emotet

General

Target

e1c78d42d26f2869f10ffbfd737e4a5095bc91c5c30bf60f86b5672126b0c63f
Size

70KB
Sample

220306-rss9jsdaam
MD5

078c3d381125f56be87e5ef7885c98fb
SHA1

e40b85d6a94e7387ff7a2b05678e8452176d4c87
SHA256

e1c78d42d26f2869f10ffbfd737e4a5095bc91c5c30bf60f86b5672126b0c63f
SHA512

5629060389d72af300db272698e489b93eacb9303ba5b947668f88afd041c4b732aa7423c0b48d0f74352a5319e3069bee2664ea9f64ba6f709b5c64f2e418c1

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

190.106.97.230:443

24.51.106.145:21

186.4.172.5:443

77.237.248.136:8080

185.142.236.163:443

63.142.253.122:8080

178.254.6.27:7080

92.222.125.16:7080

182.176.106.43:995

31.12.67.62:7080

37.157.194.134:443

85.106.1.166:50000

201.251.43.69:8080

136.243.177.26:8080

104.131.11.150:8080

190.201.164.223:53

103.97.95.218:143

190.53.135.159:21

138.201.140.110:8080

80.11.163.139:21

rsa_pubkey.plain

Targets

- Target
  
  e1c78d42d26f2869f10ffbfd737e4a5095bc91c5c30bf60f86b5672126b0c63f
- Size
  
  70KB
- MD5
  
  078c3d381125f56be87e5ef7885c98fb
- SHA1
  
  e40b85d6a94e7387ff7a2b05678e8452176d4c87
- SHA256
  
  e1c78d42d26f2869f10ffbfd737e4a5095bc91c5c30bf60f86b5672126b0c63f
- SHA512
  
  5629060389d72af300db272698e489b93eacb9303ba5b947668f88afd041c4b732aa7423c0b48d0f74352a5319e3069bee2664ea9f64ba6f709b5c64f2e418c1
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2