Overview

overview

10

Static

static

family.exe

windows7_x64

10

family.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    family

  • Size

    332KB

  • Sample

    201124-7g6p4w8w6a

  • MD5

    f9249b74e2440ac8f6ef8d1c89e318e9

  • SHA1

    876f3e39a3c80ed0920fe078a080315fa69a9d9b

  • SHA256

    26a617b36fce136b57408352b178fb6d0d6dfde977935a4f81673466a8c8d2b6

  • SHA512

    e6ed62c9980d88f966e6604f6b1e555653e20422013c351b1282ac25a212051657787391d3b69bc82e9400e9e57015a9af39e9a8ac767b05d3c3c7d359d82527

Score
10/10
emotetepoch3bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

222.239.249.166:443

217.26.163.82:7080

91.205.173.54:8080

163.172.97.112:8080

103.205.177.229:80

176.58.93.123:80

212.112.113.235:80

201.196.15.79:990

193.34.144.138:8080

172.104.70.207:8080

104.238.80.237:8080

181.44.166.242:80

119.159.150.176:443

5.189.148.98:8080

139.162.185.116:443

190.189.79.73:80

78.46.87.133:8080

192.241.220.183:8080

23.253.207.142:8080

216.70.88.55:8080
rsa_pubkey.plain

Targets

    • Target

      family

    • Size

      332KB

    • MD5

      f9249b74e2440ac8f6ef8d1c89e318e9

    • SHA1

      876f3e39a3c80ed0920fe078a080315fa69a9d9b

    • SHA256

      26a617b36fce136b57408352b178fb6d0d6dfde977935a4f81673466a8c8d2b6

    • SHA512

      e6ed62c9980d88f966e6604f6b1e555653e20422013c351b1282ac25a212051657787391d3b69bc82e9400e9e57015a9af39e9a8ac767b05d3c3c7d359d82527

    Score
    10/10
    emotetepoch3bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks