emotet

General

Target

6d756dba141baf1d9587318b415c45a6fb9935fd27b13456596f06b7b9c86013
Size

70KB
Sample

220724-2hnlesbab2
MD5

6a63899a5447ef807a7413909ec6e851
SHA1

2bf44b9fea86c2a344db61f5ee97e32c85fe2c7b
SHA256

6d756dba141baf1d9587318b415c45a6fb9935fd27b13456596f06b7b9c86013
SHA512

76be194d3bbc0747747a109a20494c4caef067d1f9f06fab93866293b62fe414115d31d2f946bb5d541d369115d46a8e34266611f7655ec3999239a291248a59

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

149.167.86.174:990

181.164.8.25:80

181.143.194.138:443

192.241.250.202:8080

63.142.253.122:8080

178.254.6.27:7080

92.222.125.16:7080

142.44.162.209:8080

86.98.25.30:53

31.172.240.91:8080

149.202.153.252:8080

201.250.11.236:50000

189.129.231.76:20

182.76.6.2:8080

189.209.217.49:80

87.106.136.232:8080

91.205.215.66:8080

212.71.234.16:8080

178.79.161.166:443

162.243.125.212:8080

rsa_pubkey.plain

Targets

- Target
  
  6d756dba141baf1d9587318b415c45a6fb9935fd27b13456596f06b7b9c86013
- Size
  
  70KB
- MD5
  
  6a63899a5447ef807a7413909ec6e851
- SHA1
  
  2bf44b9fea86c2a344db61f5ee97e32c85fe2c7b
- SHA256
  
  6d756dba141baf1d9587318b415c45a6fb9935fd27b13456596f06b7b9c86013
- SHA512
  
  76be194d3bbc0747747a109a20494c4caef067d1f9f06fab93866293b62fe414115d31d2f946bb5d541d369115d46a8e34266611f7655ec3999239a291248a59
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2