emotet | 352640f6ccac5a6a808989492c44b0f54bab52373a321e6e6eb362ee8aab45f2 | Triage

Sharing

General

Target

352640f6ccac5a6a808989492c44b0f54bab52373a321e6e6eb362ee8aab45f2
Size

712KB
Sample

221103-w6bc4sdfb3
MD5

34fbacdecae4001bcbb6744ff0cdb36a
SHA1

4ff0365853a29c226ff4c4bd891e5d715db0db8e
SHA256

352640f6ccac5a6a808989492c44b0f54bab52373a321e6e6eb362ee8aab45f2
SHA512

0dd2d2763cb666f06c9e1c8b2e6a10c71db7295d6201768b17e2882bc72f60e35516be54f6fc06e5f01a0c04319ad6c318905c486de9a3364cfc57afc2ac5af3
SSDEEP

12288:Jm3ryg7+tKkrxfIoAGA8YHrKreYkca011br+0MACwlg6WggbE/A4:JuryW+5rNIoJZYHrKrefBjWCN4

Score

10^/10

emotet epoch5 banker persistence trojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

178.238.225.252:8080

139.196.72.155:8080

36.67.23.59:443

103.56.149.105:8080

37.44.244.177:8080

85.25.120.45:8080

202.134.4.210:7080

78.47.204.80:443

83.229.80.93:8080

93.104.209.107:8080

80.211.107.116:8080

165.22.254.236:8080

104.244.79.94:443

185.148.169.10:8080

190.145.8.4:443

175.126.176.79:8080

139.59.80.108:8080

188.165.79.151:443

128.199.217.206:443

64.227.55.231:8080

ecs1.plain

eck1.plain

Targets

- Target
  
  352640f6ccac5a6a808989492c44b0f54bab52373a321e6e6eb362ee8aab45f2
- Size
  
  712KB
- MD5
  
  34fbacdecae4001bcbb6744ff0cdb36a
- SHA1
  
  4ff0365853a29c226ff4c4bd891e5d715db0db8e
- SHA256
  
  352640f6ccac5a6a808989492c44b0f54bab52373a321e6e6eb362ee8aab45f2
- SHA512
  
  0dd2d2763cb666f06c9e1c8b2e6a10c71db7295d6201768b17e2882bc72f60e35516be54f6fc06e5f01a0c04319ad6c318905c486de9a3364cfc57afc2ac5af3
- SSDEEP
  
  12288:Jm3ryg7+tKkrxfIoAGA8YHrKreYkca011br+0MACwlg6WggbE/A4:JuryW+5rNIoJZYHrKrefBjWCN4
Score

10^/10

emotet epoch5 banker persistence trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

emotetepoch5bankerpersistencetrojan