emotet

General

Target

4d8acd99b8e8b1e40b64b35dcee753a3f9073847ec1e8957e793dab849140c29
Size

516KB
Sample

220701-hs3csaafa2
MD5

f7a31719c91770d2f7f945c5acba4116
SHA1

ac2162d2ae066bf9067ad7f8bf3697a78154ea68
SHA256

4d8acd99b8e8b1e40b64b35dcee753a3f9073847ec1e8957e793dab849140c29
SHA512

1375dced5b7a646461d632d7069d40d69aaca2e008f16f6bbcb22ea8304ebaaa6f8d26d05da45dbe3c79b89fea9e3c048da5bd3c8823eafe7bb7376182b6a38d

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

190.18.146.70:80

187.147.50.167:8080

80.11.163.139:21

178.254.6.27:7080

92.222.125.16:7080

142.44.162.209:8080

31.12.67.62:7080

45.123.3.54:443

201.250.11.236:50000

41.220.119.246:80

86.98.25.30:53

37.157.194.134:443

187.144.189.58:50000

189.209.217.49:80

31.172.240.91:8080

104.131.11.150:8080

59.152.93.46:443

190.53.135.159:21

222.214.218.192:8080

162.243.125.212:8080

rsa_pubkey.plain

Targets

- Target
  
  4d8acd99b8e8b1e40b64b35dcee753a3f9073847ec1e8957e793dab849140c29
- Size
  
  516KB
- MD5
  
  f7a31719c91770d2f7f945c5acba4116
- SHA1
  
  ac2162d2ae066bf9067ad7f8bf3697a78154ea68
- SHA256
  
  4d8acd99b8e8b1e40b64b35dcee753a3f9073847ec1e8957e793dab849140c29
- SHA512
  
  1375dced5b7a646461d632d7069d40d69aaca2e008f16f6bbcb22ea8304ebaaa6f8d26d05da45dbe3c79b89fea9e3c048da5bd3c8823eafe7bb7376182b6a38d
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2