emotet

General

Target

4ea5a4593e5b34256e70d713898843f7a3b29c1659a0237cb1baca9ce7f41735
Size

458KB
Sample

220720-vgjshscaa4
MD5

11d228fc8b33ab8123d67743f2ae8118
SHA1

5bb6089c557f3b7e5f000bfa895322f327734907
SHA256

4ea5a4593e5b34256e70d713898843f7a3b29c1659a0237cb1baca9ce7f41735
SHA512

420e9a243c615d8d6a6c14b663fd5c5f9290ef0faa4684d3c9eb2c3985f8b71080bdf39f61057b96d816c9204c219de1bd7bd7dc1d142700a5197c9c82976efc

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

211.229.116.97:80

190.38.14.52:80

201.184.65.229:80

152.46.8.148:8080

62.75.150.240:7080

207.180.208.175:8080

71.244.60.230:7080

119.59.124.163:8080

46.163.144.228:80

46.29.183.211:8080

77.245.101.134:8080

190.230.60.129:80

109.104.79.48:8080

190.19.42.131:80

5.196.35.138:7080

187.188.166.192:80

186.83.133.253:8080

123.168.4.66:22

181.81.143.108:80

119.92.51.40:8080

rsa_pubkey.plain

Targets

- Target
  
  4ea5a4593e5b34256e70d713898843f7a3b29c1659a0237cb1baca9ce7f41735
- Size
  
  458KB
- MD5
  
  11d228fc8b33ab8123d67743f2ae8118
- SHA1
  
  5bb6089c557f3b7e5f000bfa895322f327734907
- SHA256
  
  4ea5a4593e5b34256e70d713898843f7a3b29c1659a0237cb1baca9ce7f41735
- SHA512
  
  420e9a243c615d8d6a6c14b663fd5c5f9290ef0faa4684d3c9eb2c3985f8b71080bdf39f61057b96d816c9204c219de1bd7bd7dc1d142700a5197c9c82976efc
Score

10^/10

emotet epoch1 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2