emotet

General

Target

e2e6c9c4f405d4b7383f4915bb9acd90N.exe
Size

896KB
Sample

240907-b4myxayekq
MD5

e2e6c9c4f405d4b7383f4915bb9acd90
SHA1

020673eb1fe1701223f165c62bd8e298811aad7a
SHA256

a098a5cf586ea1836cd4912dc067fae2b1ecab7d4e0bef6f1e4598ff69e8ca7a
SHA512

24bd288cbf0e5c2b8b3e4d8798ff7709c678e0da8677d9ee8abc419774328bc7450420b1dc602570fbfc1ee88a825d6ac5e8eecad17c408d4fda080785c29544
SSDEEP

12288:zZlyqwEmkmauSVd2R3R0EcX0euXBzsBsU3z4ZuF:1m6whk90B/yQ

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

174.100.27.229:80

209.126.6.222:8080

5.153.250.14:8080

192.241.146.84:8080

95.9.180.128:80

77.55.211.77:8080

85.105.140.135:443

45.33.77.42:8080

77.90.136.129:8080

94.176.234.118:443

190.163.31.26:80

190.6.193.152:8080

190.181.235.46:80

81.198.69.61:80

188.2.217.94:80

114.109.179.60:80

83.169.21.32:7080

137.74.106.111:7080

212.231.60.98:80

170.81.48.2:80

rsa_pubkey.plain

Targets

- Target
  
  e2e6c9c4f405d4b7383f4915bb9acd90N.exe
- Size
  
  896KB
- MD5
  
  e2e6c9c4f405d4b7383f4915bb9acd90
- SHA1
  
  020673eb1fe1701223f165c62bd8e298811aad7a
- SHA256
  
  a098a5cf586ea1836cd4912dc067fae2b1ecab7d4e0bef6f1e4598ff69e8ca7a
- SHA512
  
  24bd288cbf0e5c2b8b3e4d8798ff7709c678e0da8677d9ee8abc419774328bc7450420b1dc602570fbfc1ee88a825d6ac5e8eecad17c408d4fda080785c29544
- SSDEEP
  
  12288:zZlyqwEmkmauSVd2R3R0EcX0euXBzsBsU3z4ZuF:1m6whk90B/yQ
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2