emotet

General

Target

3bebc167adc5cfc6df3e052fcc56cca0c5d91d30fe2791b2a5a6485878c3b2f1
Size

329KB
Sample

220524-bhn9vaeehm
MD5

cc269eb719302c38ae0df44ca4833024
SHA1

d1d22fd4ea2a90099fdc76c0b2d150d61c2aef6b
SHA256

3bebc167adc5cfc6df3e052fcc56cca0c5d91d30fe2791b2a5a6485878c3b2f1
SHA512

a0ee73595b15f9e9b686b1206c71739992ca0c39792e086d3ce1b1cd4499beb01a15708c19f689dd38471759c49244b52e865ccb2473da9d8213cd4b6069200b

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

186.4.172.5:443

117.197.124.36:443

37.208.39.59:7080

186.4.172.5:8080

182.176.106.43:995

178.62.37.188:443

92.51.129.249:4143

92.222.125.16:7080

142.44.162.209:8080

31.12.67.62:7080

46.105.131.87:80

92.222.216.44:8080

87.106.136.232:8080

103.97.95.218:143

190.145.67.134:8090

104.236.246.93:8080

88.156.97.210:80

175.100.138.82:22

78.24.219.147:8080

91.205.215.66:8080

rsa_pubkey.plain

Targets

- Target
  
  3bebc167adc5cfc6df3e052fcc56cca0c5d91d30fe2791b2a5a6485878c3b2f1
- Size
  
  329KB
- MD5
  
  cc269eb719302c38ae0df44ca4833024
- SHA1
  
  d1d22fd4ea2a90099fdc76c0b2d150d61c2aef6b
- SHA256
  
  3bebc167adc5cfc6df3e052fcc56cca0c5d91d30fe2791b2a5a6485878c3b2f1
- SHA512
  
  a0ee73595b15f9e9b686b1206c71739992ca0c39792e086d3ce1b1cd4499beb01a15708c19f689dd38471759c49244b52e865ccb2473da9d8213cd4b6069200b
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2