emotet | b5b306b6576a7c53f51bf47d43b8ea2f095a321a43867cd233aa66d23b4ca0f8 | Triage

Sharing

General

Target

em16.dll.exe
Size

629KB
Sample

221102-3g5zrafchk
MD5

004b591271103ab12413a2403c61916f
SHA1

963e44dcc556be60dfeffbe24e58187a834f9425
SHA256

b5b306b6576a7c53f51bf47d43b8ea2f095a321a43867cd233aa66d23b4ca0f8
SHA512

32968a90637400fd217943e7d242cc58a3fc4722be9cea206eca485045071cea4915c86a4b75cd95b56a3d4081023c8e0c1d6d9e6f42a74abc2cdaeb0d9cc444
SSDEEP

12288:6tGis7p49VmD3OjG7QbBtLY5WhNye5JHKVu6cig1Doa:6tGis1T3OjueL/hd5NKAD3

Score

10^/10

emotet banker persistence trojan

Malware Config

Targets

- Target
  
  em16.dll.exe
- Size
  
  629KB
- MD5
  
  004b591271103ab12413a2403c61916f
- SHA1
  
  963e44dcc556be60dfeffbe24e58187a834f9425
- SHA256
  
  b5b306b6576a7c53f51bf47d43b8ea2f095a321a43867cd233aa66d23b4ca0f8
- SHA512
  
  32968a90637400fd217943e7d242cc58a3fc4722be9cea206eca485045071cea4915c86a4b75cd95b56a3d4081023c8e0c1d6d9e6f42a74abc2cdaeb0d9cc444
- SSDEEP
  
  12288:6tGis7p49VmD3OjG7QbBtLY5WhNye5JHKVu6cig1Doa:6tGis1T3OjueL/hd5NKAD3
Score

10^/10

emotet banker trojan persistence
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

emotetbankertrojan

behavioral2

emotetbankerpersistencetrojan