emotet

General

Target

6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905
Size

65KB
Sample

220725-d55apadcbp
MD5

91e8195bd71c046a45f994b786e257a7
SHA1

6b9f8e04de0a349a65773c19c15a727eaa5b5244
SHA256

6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905
SHA512

98ea3dad053159b2a01de9724a55bfa58b5d844a9e8e1484e7eaa492a13c05ebf6824f184c988b3a52180a912d34685a418ec7a05efa81739c7941d63c677cb1

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

66.209.97.122:8080

174.77.190.137:8080

104.137.176.186:80

165.227.156.155:443

167.99.105.223:7080

67.225.179.64:8080

176.31.200.130:8080

5.196.74.210:8080

82.155.161.203:80

101.187.247.29:80

120.150.246.241:80

73.11.153.178:8080

91.205.215.66:443

70.46.247.81:80

24.93.212.32:80

139.130.241.252:443

70.175.171.251:80

217.160.182.191:8080

104.236.246.93:8080

98.24.231.64:80

rsa_pubkey.plain

Targets

- Target
  
  6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905
- Size
  
  65KB
- MD5
  
  91e8195bd71c046a45f994b786e257a7
- SHA1
  
  6b9f8e04de0a349a65773c19c15a727eaa5b5244
- SHA256
  
  6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905
- SHA512
  
  98ea3dad053159b2a01de9724a55bfa58b5d844a9e8e1484e7eaa492a13c05ebf6824f184c988b3a52180a912d34685a418ec7a05efa81739c7941d63c677cb1
Score

10^/10

emotet banker suricata trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M5
  suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M5
  suricata
- suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M6
  suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M6
  suricata
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M5

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M6

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2