emotet

General

Target

3cea7e25ba2791154d1309713cd4f9cd7eb52e57e0e8e6e45ef87ec9e27da5b5_unpacked
Size

74KB
Sample

221026-2y4ycahgcp
MD5

efe588cc963fc85a9304a9b00ae87749
SHA1

17cdda8d1dc476d90253634bf2f6791c96024dd1
SHA256

3cea7e25ba2791154d1309713cd4f9cd7eb52e57e0e8e6e45ef87ec9e27da5b5
SHA512

00e2261c1755c549cddc54203b98b7606c3012e4c20635a4171a754a92983790fdff72c843f8c94dd3265ef1608c6951969896efc43eb97fb2958cc142235d61
SSDEEP

1536:nQ14LR8spFrd2kxP9GkYsPHmmXZxhDVSQo/l7xmGzFBnO2i8sVJTcWEg:Q+8sLd2kJ9GSZjhSz/l7cGhE2iJ3Mg

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

190.18.146.70:80

187.147.50.167:8080

80.11.163.139:21

178.254.6.27:7080

92.222.125.16:7080

142.44.162.209:8080

31.12.67.62:7080

45.123.3.54:443

201.250.11.236:50000

41.220.119.246:80

86.98.25.30:53

37.157.194.134:443

187.144.189.58:50000

189.209.217.49:80

31.172.240.91:8080

104.131.11.150:8080

59.152.93.46:443

190.53.135.159:21

222.214.218.192:8080

162.243.125.212:8080

rsa_pubkey.plain

Targets

- Target
  
  3cea7e25ba2791154d1309713cd4f9cd7eb52e57e0e8e6e45ef87ec9e27da5b5_unpacked
- Size
  
  74KB
- MD5
  
  efe588cc963fc85a9304a9b00ae87749
- SHA1
  
  17cdda8d1dc476d90253634bf2f6791c96024dd1
- SHA256
  
  3cea7e25ba2791154d1309713cd4f9cd7eb52e57e0e8e6e45ef87ec9e27da5b5
- SHA512
  
  00e2261c1755c549cddc54203b98b7606c3012e4c20635a4171a754a92983790fdff72c843f8c94dd3265ef1608c6951969896efc43eb97fb2958cc142235d61
- SSDEEP
  
  1536:nQ14LR8spFrd2kxP9GkYsPHmmXZxhDVSQo/l7xmGzFBnO2i8sVJTcWEg:Q+8sLd2kJ9GSZjhSz/l7cGhE2iJ3Mg
Score

10^/10

emotet banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Unexpected DNS network traffic destination

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2