emotet

General

Target

0e68751d0ac216baeb7182973a550971e2758845c90cbbedab2d88d8abba3e30N.exe
Size

198KB
Sample

241219-fvt33s1jgn
MD5

d00a4a7dc254416e34ef75198d366f30
SHA1

4dbbb4c027654c2a62394c6d14c61779d233e3c1
SHA256

0e68751d0ac216baeb7182973a550971e2758845c90cbbedab2d88d8abba3e30
SHA512

440013c5d92ee2c354b893259f388538afe94dae8d8566e53ab1fd4edaa9c18c0db55b80a4cfc7e5f2063ae5df6606d3e27eac4ac60c8fc54efacf981af16784
SSDEEP

3072:aQF7Rxye46fnsWiMwoaCDpKluBvYo3rcSewvBMkbiZzWKNMDLEkzxk/lYs+0c:p73ye4SnsFlobG1aDezyEkK/lYz

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

154.120.227.206:8080

212.112.113.235:80

190.117.206.153:443

94.177.253.126:80

70.32.94.58:8080

213.138.100.98:8080

200.55.168.82:20

178.249.187.150:7080

138.197.140.163:8080

203.99.187.137:443

216.75.37.196:8080

176.58.93.123:80

83.169.33.157:8080

192.241.220.183:8080

201.196.15.79:990

144.76.62.10:8080

113.52.135.33:7080

203.99.182.135:443

91.109.5.28:8080

51.38.134.203:8080

rsa_pubkey.plain

Targets

- Target
  
  0e68751d0ac216baeb7182973a550971e2758845c90cbbedab2d88d8abba3e30N.exe
- Size
  
  198KB
- MD5
  
  d00a4a7dc254416e34ef75198d366f30
- SHA1
  
  4dbbb4c027654c2a62394c6d14c61779d233e3c1
- SHA256
  
  0e68751d0ac216baeb7182973a550971e2758845c90cbbedab2d88d8abba3e30
- SHA512
  
  440013c5d92ee2c354b893259f388538afe94dae8d8566e53ab1fd4edaa9c18c0db55b80a4cfc7e5f2063ae5df6606d3e27eac4ac60c8fc54efacf981af16784
- SSDEEP
  
  3072:aQF7Rxye46fnsWiMwoaCDpKluBvYo3rcSewvBMkbiZzWKNMDLEkzxk/lYs+0c:p73ye4SnsFlobG1aDezyEkK/lYz
Score

10^/10

emotet epoch3 banker discovery trojan upx
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2