emotet | a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797 | Triage

Sharing

General

Target

a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797
Size

119KB
Sample

220306-vl88zaeecl
MD5

959ff528ddbee66e49992cd654d41bab
SHA1

7b54da1fb2cbe877b13de309c01a7112224e1f40
SHA256

a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797
SHA512

ef0852311f23f255624c31f320847b5d6ea2da86d81e0693207444b39b73a0f58a0e3f847c585e1a734dc902b1a429c53e193f742e81a60399ac061e76623b54

Score

10^/10

emotet lea

Malware Config

Extracted

Family

emotet

Botnet

LEA

C2

80.158.3.161:443

80.158.51.209:8080

80.158.35.51:80

80.158.63.78:443

80.158.53.167:80

80.158.62.194:443

80.158.59.174:8080

80.158.43.136:80

rsa_pubkey.plain

Targets

- Target
  
  a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797
- Size
  
  119KB
- MD5
  
  959ff528ddbee66e49992cd654d41bab
- SHA1
  
  7b54da1fb2cbe877b13de309c01a7112224e1f40
- SHA256
  
  a3c14b0b4756017ee248d0fa029196060ca1f75a1fab7e9d81c74fbaac6a4797
- SHA512
  
  ef0852311f23f255624c31f320847b5d6ea2da86d81e0693207444b39b73a0f58a0e3f847c585e1a734dc902b1a429c53e193f742e81a60399ac061e76623b54
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2