emotet

General

Target

5f2b3da7bab461edaba34cfabb710e8c504f4da95f18fc59afcf35f50250e489
Size

58KB
Sample

220307-gk4p7sbbeq
MD5

1f3845d95e6cf47aa5b6ad03333961ee
SHA1

60f07ac82822d3704a63fc556fe4388c2389d1c8
SHA256

5f2b3da7bab461edaba34cfabb710e8c504f4da95f18fc59afcf35f50250e489
SHA512

62ba59cd3435f457d7642bc11bc914dc983238893fa460819d8009a7fba08093a0c34cb89135e25c87b66fa551263a72881741732d075641051c1de322e842b4

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

172.105.11.15:8080

91.121.116.137:443

80.79.23.144:443

144.139.247.220:80

188.166.253.46:8080

95.128.43.213:8080

138.201.140.110:8080

27.4.80.183:443

80.11.163.139:443

115.78.95.230:443

189.209.217.49:80

149.202.153.252:8080

186.4.172.5:8080

24.51.106.145:21

46.105.131.87:80

63.142.253.122:8080

185.14.187.201:8080

149.167.86.174:990

124.240.198.66:80

94.205.247.10:80

rsa_pubkey.plain

Targets

- Target
  
  5f2b3da7bab461edaba34cfabb710e8c504f4da95f18fc59afcf35f50250e489
- Size
  
  58KB
- MD5
  
  1f3845d95e6cf47aa5b6ad03333961ee
- SHA1
  
  60f07ac82822d3704a63fc556fe4388c2389d1c8
- SHA256
  
  5f2b3da7bab461edaba34cfabb710e8c504f4da95f18fc59afcf35f50250e489
- SHA512
  
  62ba59cd3435f457d7642bc11bc914dc983238893fa460819d8009a7fba08093a0c34cb89135e25c87b66fa551263a72881741732d075641051c1de322e842b4
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2