emotet

General

Target

b235d1cb6c892523f097d191c05c627933087a960046712068c54b0b50fb3898
Size

70KB
Sample

220306-tyxj9scdf8
MD5

b3fe815bdb07617fb1df93a6effe1e50
SHA1

df108ca383c8444b5db2120673b2c2570820b0a2
SHA256

b235d1cb6c892523f097d191c05c627933087a960046712068c54b0b50fb3898
SHA512

793fc00bb92b035a977646b62293635441faa76f69ea73680c69c76975490dcc3b7cff551e9b0396760c635371a1b01b913c8523769eadc177f1a8a859c21d92

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

201.251.43.69:8080

180.183.112.185:21

101.187.237.217:20

185.142.236.163:443

192.241.250.202:8080

63.142.253.122:8080

178.254.6.27:7080

92.222.125.16:7080

45.33.49.124:443

91.205.215.66:8080

185.94.252.13:443

5.196.74.210:8080

37.208.39.59:7080

182.176.106.43:995

37.157.194.134:443

80.11.163.139:21

186.4.172.5:8080

190.186.203.55:80

190.106.97.230:443

181.143.53.227:21

rsa_pubkey.plain

Targets

- Target
  
  b235d1cb6c892523f097d191c05c627933087a960046712068c54b0b50fb3898
- Size
  
  70KB
- MD5
  
  b3fe815bdb07617fb1df93a6effe1e50
- SHA1
  
  df108ca383c8444b5db2120673b2c2570820b0a2
- SHA256
  
  b235d1cb6c892523f097d191c05c627933087a960046712068c54b0b50fb3898
- SHA512
  
  793fc00bb92b035a977646b62293635441faa76f69ea73680c69c76975490dcc3b7cff551e9b0396760c635371a1b01b913c8523769eadc177f1a8a859c21d92
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2