emotet

General

Target

6133c66304706806d04fe3938b85d901de0b06fe9b43b313f1fa95c6f280eb48
Size

300KB
Sample

220730-1rjhdsafem
MD5

0f80dc57270ad210a4bd8ebfcbe7dca7
SHA1

b50009947c87c0f0a3b95a8bd27bc5952446c912
SHA256

6133c66304706806d04fe3938b85d901de0b06fe9b43b313f1fa95c6f280eb48
SHA512

ac938ea57812730a25e4ac5cb53e46b08095305dc66660cb7fc9cfcfb9f64efaaa066403c3d8d90d959520fbb1886607004bc04ded2aa5f8190eb35365e91d26

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

190.158.19.141:80

139.5.237.27:443

201.214.74.71:80

80.240.141.141:7080

185.187.198.10:8080

46.41.134.46:8080

178.249.187.151:8080

217.199.160.224:8080

123.168.4.66:22

201.184.65.229:80

190.221.50.210:8080

119.59.124.163:8080

212.71.237.140:8080

109.169.86.13:8080

190.19.42.131:80

190.230.60.129:80

190.1.37.125:443

62.75.143.100:7080

203.25.159.3:8080

87.106.77.40:7080

rsa_pubkey.plain

Targets

- Target
  
  6133c66304706806d04fe3938b85d901de0b06fe9b43b313f1fa95c6f280eb48
- Size
  
  300KB
- MD5
  
  0f80dc57270ad210a4bd8ebfcbe7dca7
- SHA1
  
  b50009947c87c0f0a3b95a8bd27bc5952446c912
- SHA256
  
  6133c66304706806d04fe3938b85d901de0b06fe9b43b313f1fa95c6f280eb48
- SHA512
  
  ac938ea57812730a25e4ac5cb53e46b08095305dc66660cb7fc9cfcfb9f64efaaa066403c3d8d90d959520fbb1886607004bc04ded2aa5f8190eb35365e91d26
Score

10^/10

emotet epoch1 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2