emotet

General

Target

fc11f30fb0debf8b8f42a7e9c0678df69c8b171c0038ea7aca7217b43b3c220f
Size

432KB
Sample

221026-3hvv6shhh8
MD5

500221e174762c63829c2ea9718ca44f
SHA1

25b3a1a2f9a5756a684c8b77f630527321ad1fb0
SHA256

fc11f30fb0debf8b8f42a7e9c0678df69c8b171c0038ea7aca7217b43b3c220f
SHA512

1b406fff66f3bf9bdf60c24b17d32bc430fecf73b91c2554bd8ad7785d7a98a3504c5e09a90d1dbc07ca269d8d835d77980466beb298d933f57d4820a0433419
SSDEEP

6144:Xil8BxssHF5REV9v+RsZ0qLpYCyMsaji++6gK5cGT:Xil8BjHFfEn3CUpYyG76gfA

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

173.73.87.96:80

71.222.233.135:443

60.250.78.22:443

80.86.91.91:8080

104.236.28.47:8080

162.241.92.219:8080

74.208.45.104:8080

178.20.74.212:80

85.105.205.77:8080

190.220.19.82:443

78.24.219.147:8080

47.26.155.17:80

110.44.113.2:80

113.52.123.226:7080

120.151.135.224:80

108.191.2.72:80

70.127.155.33:80

98.156.206.153:80

47.6.15.79:443

104.131.44.150:8080

rsa_pubkey.plain

Targets

- Target
  
  fc11f30fb0debf8b8f42a7e9c0678df69c8b171c0038ea7aca7217b43b3c220f
- Size
  
  432KB
- MD5
  
  500221e174762c63829c2ea9718ca44f
- SHA1
  
  25b3a1a2f9a5756a684c8b77f630527321ad1fb0
- SHA256
  
  fc11f30fb0debf8b8f42a7e9c0678df69c8b171c0038ea7aca7217b43b3c220f
- SHA512
  
  1b406fff66f3bf9bdf60c24b17d32bc430fecf73b91c2554bd8ad7785d7a98a3504c5e09a90d1dbc07ca269d8d835d77980466beb298d933f57d4820a0433419
- SSDEEP
  
  6144:Xil8BxssHF5REV9v+RsZ0qLpYCyMsaji++6gK5cGT:Xil8BjHFfEn3CUpYyG76gfA
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2