emotet

General

Target

d43d298aaa1e0d3c77c7deaf09f5b38431455d9ddde5bc8ad86fe7e7433bce2e
Size

365KB
Sample

220701-hxdvzshbcq
MD5

c4d31cf47fd14301bb53f5520e15e951
SHA1

7e557a0bc95d461d2f765424850b8e575aa3b88e
SHA256

d43d298aaa1e0d3c77c7deaf09f5b38431455d9ddde5bc8ad86fe7e7433bce2e
SHA512

9bef8fff5a9a0405919052687a92d10e85914f70b6a8f60991ea9c0cde1465c5474d098540f6554eda4a3343114f497591a993f441a3fd75375a22f45197b0d1

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

86.22.221.170:80

187.144.61.73:443

185.94.252.13:443

46.105.131.87:80

69.164.201.54:8080

190.211.207.11:443

186.4.172.5:8080

167.71.10.37:8080

182.176.132.213:8090

47.41.213.2:22

80.11.163.139:443

186.4.172.5:20

37.157.194.134:443

59.103.164.174:80

136.243.177.26:8080

162.241.208.52:8080

27.4.80.183:443

85.104.59.244:20

212.71.234.16:8080

27.147.163.188:8080

rsa_pubkey.plain

Targets

- Target
  
  d43d298aaa1e0d3c77c7deaf09f5b38431455d9ddde5bc8ad86fe7e7433bce2e
- Size
  
  365KB
- MD5
  
  c4d31cf47fd14301bb53f5520e15e951
- SHA1
  
  7e557a0bc95d461d2f765424850b8e575aa3b88e
- SHA256
  
  d43d298aaa1e0d3c77c7deaf09f5b38431455d9ddde5bc8ad86fe7e7433bce2e
- SHA512
  
  9bef8fff5a9a0405919052687a92d10e85914f70b6a8f60991ea9c0cde1465c5474d098540f6554eda4a3343114f497591a993f441a3fd75375a22f45197b0d1
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2