emotet

General

Target

ad1e15f62f123ff2753ec2912a8edd4569aff3919a63fe07446d1765020d242c
Size

249KB
Sample

220701-r4tpfsacc3
MD5

5ea90742b887ed0a35f4d1fae6c6f130
SHA1

d5ebcf7de7fdc34f467179dcefde0d9b51fe195b
SHA256

ad1e15f62f123ff2753ec2912a8edd4569aff3919a63fe07446d1765020d242c
SHA512

91c36ccf8ebc61bd10da1f012c9325f93295d732dafc5c4ce799809cdb6659dcd2fa14d557ff9b0e46886e5cc8506b34851c093099a4f33fa682623ea22b62fa

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

70.175.171.251:80

173.70.81.77:80

107.2.2.28:80

108.179.206.219:8080

59.110.18.236:443

45.56.88.91:443

206.81.10.215:8080

176.31.200.130:8080

200.71.148.138:8080

211.63.71.72:8080

190.108.228.48:990

186.75.241.230:80

104.236.246.93:8080

45.33.49.124:443

91.205.215.66:8080

107.170.24.125:8080

190.226.44.20:21

104.131.11.150:8080

93.147.141.5:80

213.179.105.214:8080

rsa_pubkey.plain

Targets

- Target
  
  sample
- Size
  
  440KB
- MD5
  
  8b57ab47e811305e03ba1f557a3a6d50
- SHA1
  
  cf5281d61b8375d71122c1eb21d82e1a4446a12e
- SHA256
  
  6bcfbca95b078ee669f6b18141a68be27f8c2fd4dc13696cff4f45d3d2671d66
- SHA512
  
  d8595b93bfc126b9f7166c156893c87ea6e6c06b66667edd5e5bef2aeee55c4ce6a4a3e825ce218341890e4a7f922e678c693a7d6b32e1ac56ab6d33f892de07
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2