emotet

General

Target

3099795899e278927dbffa436cd53ae6a2a35f1ac6df26d2371f6d4ac6e22dec.zip
Size

371KB
Sample

230208-lxx6eahe7s
MD5

3efcc4dc959f8cf0c4e02c692eb56a80
SHA1

5be798d333f12778216490586c7b7a95c6986439
SHA256

1a4335c7517398d17aab05bf69722cb5d4950a7d4e16391b2484ed38bc5debfa
SHA512

622f42142095874856d88c91fc0956c9d1287f20be0d71115d48d44d928bbf8b703f56f8b287b6e1d75b9a048592a9ef506f51671d9ee6c289ea50d0d6826b35
SSDEEP

6144:4+zAA4S6FDmI+THIufum25K5/E4PienAkzB5s6Ttuh6i92Ews+V5JegeqnY+RHl/:4+zAaFH00tuenAL6hALOtVfCiHyu

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

51.75.33.122:443

186.250.48.5:80

168.119.39.118:443

207.148.81.119:8080

194.9.172.107:8080

139.196.72.155:8080

78.47.204.80:443

159.69.237.188:443

45.71.195.104:8080

54.37.106.167:8080

185.168.130.138:443

37.44.244.177:8080

185.184.25.78:8080

185.148.168.15:8080

128.199.192.135:8080

37.59.209.141:8080

103.41.204.169:8080

185.148.168.220:8080

103.42.58.120:7080

78.46.73.125:443

eck1.plain

ecs1.plain

Targets

- Target
  
  3099795899e278927dbffa436cd53ae6a2a35f1ac6df26d2371f6d4ac6e22dec.dll
- Size
  
  684KB
- MD5
  
  e32c32b29f0df713643525550f6246d9
- SHA1
  
  883b6d7fa5e658107cdf4c76b01799df040614a8
- SHA256
  
  3099795899e278927dbffa436cd53ae6a2a35f1ac6df26d2371f6d4ac6e22dec
- SHA512
  
  70a393db4f5e6817ea2ee239829d45300f252dc5cdded04646e65e0c31c31acf4d252bf9a91b9aed08d8f7b41fdf1a85fe3aad9422e10b55595e001d4348237b
- SSDEEP
  
  6144:F/aZgRXcZdinj5y1baFLk5Dw2jb7t3mJXzQkaCIXilmj2cO8h35jnL/nvYwFaRVb:BamncoLAbcddxmSc/Jf/ngwFGMD0sg
Score

10^/10

emotet epoch5 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2