emotet

General

Target

5cd688e40e512b7ad59f876094f487eee410a4433c39012c61c6e839f64858ca.exe
Size

154KB
Sample

241219-dctcqavmfr
MD5

b83b722b2bd8310b051fc3c97fd68008
SHA1

5700e9ccbc5802bb88c57caf7a084277e10e8720
SHA256

5cd688e40e512b7ad59f876094f487eee410a4433c39012c61c6e839f64858ca
SHA512

9b9baa58e4c4bf683fb6fba14485606f40e4a2fb57d004cac1f9adb9a31b74477642ec4f0912e8e2ea6de5dd6cbbbe05131e56affff2ab7f658137583f65d553
SSDEEP

3072:uxwGkliAs4eOWdCYhG2rV5yhNFIWps3d78Mw+dXM47ulimTt8G5s6aT:YulPynhRrV5ceof4CN84U

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

186.75.241.230:80

181.143.194.138:443

181.143.53.227:21

85.104.59.244:20

80.11.163.139:443

167.71.10.37:8080

104.131.44.150:8080

185.187.198.15:80

133.167.80.63:7080

198.199.114.69:8080

144.139.247.220:80

152.89.236.214:8080

78.24.219.147:8080

92.222.216.44:8080

46.105.131.87:80

190.226.44.20:21

182.176.132.213:8090

85.54.169.141:8080

192.81.213.192:8080

101.187.237.217:20

rsa_pubkey.plain

Targets

- Target
  
  5cd688e40e512b7ad59f876094f487eee410a4433c39012c61c6e839f64858ca.exe
- Size
  
  154KB
- MD5
  
  b83b722b2bd8310b051fc3c97fd68008
- SHA1
  
  5700e9ccbc5802bb88c57caf7a084277e10e8720
- SHA256
  
  5cd688e40e512b7ad59f876094f487eee410a4433c39012c61c6e839f64858ca
- SHA512
  
  9b9baa58e4c4bf683fb6fba14485606f40e4a2fb57d004cac1f9adb9a31b74477642ec4f0912e8e2ea6de5dd6cbbbe05131e56affff2ab7f658137583f65d553
- SSDEEP
  
  3072:uxwGkliAs4eOWdCYhG2rV5yhNFIWps3d78Mw+dXM47ulimTt8G5s6aT:YulPynhRrV5ceof4CN84U
Score

10^/10

emotet epoch2 banker discovery trojan upx
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2