emotet

General

Target

VEuIqlISMa.vbs
Size

2KB
Sample

220422-1nnmyagdf2
MD5

e759c57fef989e9230cf121b31e077ec
SHA1

434f3d7d49a06606c0fb73e1a2378836f2018338
SHA256

bc84d7201f37b0c02ff742f4b8c5d78412796676724fc0af530975dac2fff063
SHA512

552b94d3950641f62bcd5be46308fb3e2ab1014b3235c2b4a74d6c4f222fbe71d6991c4cb7325aa5b57f20edbd112c6b89320362ca87ee8c3a24c7f8a605e736

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

138.201.142.73:8080

138.197.147.101:443

134.195.212.50:7080

104.168.154.79:8080

149.56.131.28:8080

129.232.188.93:443

212.24.98.99:8080

119.193.124.41:7080

45.118.115.99:8080

188.44.20.25:443

103.132.242.26:8080

201.94.166.162:443

1.234.21.73:7080

206.189.28.199:8080

185.8.212.130:7080

82.165.152.127:8080

176.104.106.96:8080

173.212.193.249:8080

167.99.115.35:8080

209.126.98.206:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  VEuIqlISMa.vbs
- Size
  
  2KB
- MD5
  
  e759c57fef989e9230cf121b31e077ec
- SHA1
  
  434f3d7d49a06606c0fb73e1a2378836f2018338
- SHA256
  
  bc84d7201f37b0c02ff742f4b8c5d78412796676724fc0af530975dac2fff063
- SHA512
  
  552b94d3950641f62bcd5be46308fb3e2ab1014b3235c2b4a74d6c4f222fbe71d6991c4cb7325aa5b57f20edbd112c6b89320362ca87ee8c3a24c7f8a605e736
Score

10^/10

emotet epoch4 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Deletes itself

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2