emotet

General

Target

4158dc52a323db3a5fc6a57fa1d1d650N
Size

228KB
Sample

240907-s9jl4stcqh
MD5

4158dc52a323db3a5fc6a57fa1d1d650
SHA1

16e7477238a530bd3a425fad35d897387fbd14a0
SHA256

1ebfb90bc0b92fd2583876f7e57b53f8aed88e9457de8344037795e7c5530624
SHA512

acc03a9a03b308907bd10d49d95543a140f85fa9a123a22967ea253e4a92fb5582a42d5fa0a8f057126e28aac5c37f4e89a82e39e8fafd205ef0cf2d5d1db8a5
SSDEEP

6144:RO1SXBFFlLbOmcJgBh3D0B9Vbi7niG3lz:R3HiJgBhD9Vz

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

5.83.32.101:80

110.172.180.180:8080

203.157.152.9:7080

157.245.145.87:443

195.159.28.244:8080

116.202.10.123:8080

175.103.38.146:80

115.79.59.157:80

188.226.165.170:8080

58.27.215.3:8080

91.83.93.103:443

49.206.31.122:80

120.51.34.254:80

2.58.16.86:8080

5.79.70.250:8080

54.38.143.245:8080

27.78.27.110:443

45.230.45.171:443

74.208.173.91:8080

46.32.229.152:8080

rsa_pubkey.plain

Targets

- Target
  
  4158dc52a323db3a5fc6a57fa1d1d650N
- Size
  
  228KB
- MD5
  
  4158dc52a323db3a5fc6a57fa1d1d650
- SHA1
  
  16e7477238a530bd3a425fad35d897387fbd14a0
- SHA256
  
  1ebfb90bc0b92fd2583876f7e57b53f8aed88e9457de8344037795e7c5530624
- SHA512
  
  acc03a9a03b308907bd10d49d95543a140f85fa9a123a22967ea253e4a92fb5582a42d5fa0a8f057126e28aac5c37f4e89a82e39e8fafd205ef0cf2d5d1db8a5
- SSDEEP
  
  6144:RO1SXBFFlLbOmcJgBh3D0B9Vbi7niG3lz:R3HiJgBhD9Vz
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2