Emotet C2 Configuration Extraction and Analysis
Tags
country: Brazil Canada Germany France Indonesia United Kingdom
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Regsvr32 - T1218.010 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090 Regsvr32 - T1117 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID f8cb167c-417f-4eee-a05b-8dda3289e01d
Fingerprint ac9948d1a43323c9
Analysis status DONE
Considered CTI value 1
Text language
Published June 2, 2022, midnight
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Emotet C2 Configuration Extraction and Analysis
Title Emotet C2 Configuration Extraction and Analysis
Detected Hints/Tags/Attributes 79/2/13
Source URLs
Redirection Url
Details Source https://blogs.vmware.com/security/2022/03/emotet-c2-configuration-extraction-and-analysis.html
URL Provider
Details Provider Source level domain
Details vmware.com blogs.vmware.com
Attributes
Details Type #Events CTI Value
Details File 1018 
rundll32.exe
Details File 459 
regsvr32.exe
Details File 748 
kernel32.dll
Details File 127 
c:\windows\system32\rundll32.exe
Details File 2 
dumped.dll
Details sha256 2 
63996a39755e84ee8b5d3f47296991362a17afaaccf2ac43207a424a366f4cc9
Details IPv4 8 
131.100.24.231
Details IPv4 3 
209.59.138.75
Details IPv4 8 
103.8.26.103
Details IPv4 3 
51.38.71.0
Details IPv4 6 
212.237.17.99
Details IPv4 7 
217.182.143.207
Details IPv4 4 
135.148.121.246