emotet

General

Target

91f29c8521aef0e261ff28bc4824380791d63d28cf6525cdef6858157dcc210a
Size

388KB
Sample

220701-gkx8esefhm
MD5

284fe79685a92ad19d607e5466c5d810
SHA1

87b2ca3abc4e11754a6ffcefc233095f9cda9da6
SHA256

91f29c8521aef0e261ff28bc4824380791d63d28cf6525cdef6858157dcc210a
SHA512

99cf27f6f66d603d00da6fbc9b7c33fbb620a495c2558d1e3c131987214c8cc82dc9867faceee0d6fa2d84064d59446cf7a92d88ac88e11fa8c73630f1381277

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

105.186.87.144:80

186.75.241.230:80

200.21.90.6:80

212.129.24.82:8080

162.144.47.94:7080

77.237.248.136:8080

185.142.236.163:443

63.142.253.122:8080

190.145.67.134:8090

182.176.132.213:8090

88.247.163.44:80

85.106.1.166:50000

45.123.3.54:443

37.157.194.134:443

142.44.162.209:8080

159.65.25.128:8080

190.211.207.11:443

85.104.59.244:20

201.251.43.69:8080

101.187.237.217:20

rsa_pubkey.plain

Targets

- Target
  
  91f29c8521aef0e261ff28bc4824380791d63d28cf6525cdef6858157dcc210a
- Size
  
  388KB
- MD5
  
  284fe79685a92ad19d607e5466c5d810
- SHA1
  
  87b2ca3abc4e11754a6ffcefc233095f9cda9da6
- SHA256
  
  91f29c8521aef0e261ff28bc4824380791d63d28cf6525cdef6858157dcc210a
- SHA512
  
  99cf27f6f66d603d00da6fbc9b7c33fbb620a495c2558d1e3c131987214c8cc82dc9867faceee0d6fa2d84064d59446cf7a92d88ac88e11fa8c73630f1381277
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2