emotet

General

Target

d065af6e650d3f6228a1bbe5cae78e79f876e89c3a0cabafa100dd80f8426c88
Size

65KB
Sample

220306-smqf5sddfk
MD5

0cc17238884c9c6ce174237493e47d53
SHA1

e12b733dff4cb07b8944d861bf0fc006e092f5a2
SHA256

d065af6e650d3f6228a1bbe5cae78e79f876e89c3a0cabafa100dd80f8426c88
SHA512

f99fc1412b1b16896fde1c86a335abe9030ee06841d11539b8f49bfa4250bf4a255b55b248ac8246fee865dcb187e0719b56501363e7e3e8d028d4704ce8e05c

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

212.129.24.79:8080

37.187.2.199:443

173.249.47.77:8080

182.176.132.213:8090

95.128.43.213:8080

190.145.67.134:8090

46.105.131.87:80

152.89.236.214:8080

190.53.135.159:21

103.39.131.88:80

198.199.114.69:8080

212.71.234.16:8080

206.189.98.125:8080

47.41.213.2:22

92.222.216.44:8080

169.239.182.217:8080

178.210.51.222:8080

67.225.229.55:8080

104.236.246.93:8080

69.164.201.54:8080

rsa_pubkey.plain

Targets

- Target
  
  d065af6e650d3f6228a1bbe5cae78e79f876e89c3a0cabafa100dd80f8426c88
- Size
  
  65KB
- MD5
  
  0cc17238884c9c6ce174237493e47d53
- SHA1
  
  e12b733dff4cb07b8944d861bf0fc006e092f5a2
- SHA256
  
  d065af6e650d3f6228a1bbe5cae78e79f876e89c3a0cabafa100dd80f8426c88
- SHA512
  
  f99fc1412b1b16896fde1c86a335abe9030ee06841d11539b8f49bfa4250bf4a255b55b248ac8246fee865dcb187e0719b56501363e7e3e8d028d4704ce8e05c
Score

10^/10

emotet banker suricata trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M2
  suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M2
  suricata
- suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M3
  suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M3
  suricata
- suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M4
  suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M4
  suricata
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M2

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M3

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M4

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2