emotet

General

Target

emotet.zip
Size

412KB
Sample

230316-stbxbsbe46
MD5

bb9d726f9a7d60b32790f3e645fcc3f2
SHA1

a0150304a463ea5be87006a0766d7b7c00274764
SHA256

5dccd9fbdc3b1aceac4414c4b33cf5d72df9da5b33797cf794006112cd9399df
SHA512

a231e04709c2c1700b3cffcfca21d0b31908a1ca0ed1d0482fa500efb101cf7e7dab3804ceecaa9254d326753b2b181328956095220b464a2ed98609957d9f7a
SSDEEP

12288:CAWRA6qHyHThP4mJrB1vLka3RwW+xf8CYQ:CTcSH1P46NFYaarUCYQ

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

103.85.95.4:8080

103.224.241.74:8080

178.238.225.252:8080

37.59.103.148:8080

78.47.204.80:443

138.197.14.67:8080

128.199.242.164:8080

54.37.228.122:443

37.44.244.177:8080

139.59.80.108:8080

218.38.121.17:443

82.98.180.154:7080

114.79.130.68:443

159.65.135.222:7080

174.138.33.49:7080

195.77.239.39:8080

193.194.92.175:443

198.199.70.22:8080

85.214.67.203:8080

93.84.115.205:7080

ecs1.plain

eck1.plain

Extracted

Family

emotet

Botnet

Epoch4

C2

164.68.99.3:8080

164.90.222.65:443

186.194.240.217:443

1.234.2.232:8080

103.75.201.2:443

187.63.160.88:80

147.139.166.154:8080

91.207.28.33:8080

5.135.159.50:443

153.92.5.27:8080

213.239.212.5:443

103.43.75.120:443

159.65.88.10:8080

167.172.253.162:8080

153.126.146.25:7080

119.59.103.152:8080

107.170.39.149:8080

183.111.227.137:8080

159.89.202.34:443

110.232.117.186:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  27c6e6bc4b46148fb4dcc6a6a9346914.dll
- Size
  
  300KB
- MD5
  
  27c6e6bc4b46148fb4dcc6a6a9346914
- SHA1
  
  065d7e71a66ef077b07ea28d7e26b07ea5a26c86
- SHA256
  
  aa57889a91be96c5b5cae185792f5ad76eb5248abb66344a740266a1c297cfd7
- SHA512
  
  3b50da2b20c50c07d9ad916623ee9da5455f2724567a171943959226dee18bc359de10f0638a34b50c51ba7e539f4845167f52b9f083966dd8a3f3a3454bba26
- SSDEEP
  
  6144:+TSJ5KqLXrlG1qTSZLJbgrVfpaHbEMbn9lTej0QjUZ:+aKqjgqTQVgjaHfbnOjZUZ
Score

10^/10

emotet epoch5 banker trojan persistence
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  bfc060937dc90b273eccb6825145f298.dll
- Size
  
  309KB
- MD5
  
  bfc060937dc90b273eccb6825145f298
- SHA1
  
  c156c00c7e918f0cb7363614fb1f177c90d8108a
- SHA256
  
  2f39c2879989ddd7f9ecf52b6232598e5595f8bf367846ff188c9dfbf1251253
- SHA512
  
  cc1fee19314b0a0f9e292fa84f6e98f087033d77db937848dda1da0c88f49997866cba5465df04bf929b810b42fdb81481341064c4565c9b6272fa7f3b473ac5
- SSDEEP
  
  6144:cwNQMQTlfdUPABVy559hhR3iP7TfPYbrF1EFVw0todxKROsCt:rNbadDBkZ6rPeEFizdxxsCt
Score

10^/10

emotet epoch4 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Adds Run key to start application

Emotet

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4