emotet_exe_e2_42b2209758b127d7b9fc3e6e6bc8cf8ebaa27f5e18698d4b5fba82584be2cf0a_2020-11-19__132320.exe

General

Target: emotet_exe_e2_42b2209758b127d7b9fc3e6e6bc8cf8ebaa27f5e18698d4b5fba82584be2cf0a_2020-11-19__132320.exe
Size: 464KB
Sample: 201119-sgaxg4ab96
Score: 10/10
MD5: 09dd6910e33af854cf3fd1f12691079b
SHA1: 5b3f6066f090c4180ae5c22cb533b15d3ec7edd6
SHA256: 3f2ccd6dfad5b95e605538892c316d4217625ef0910d39d1f703d89c00929ccb
SHA512: d6d4fc064e2d7272a05bb062db01c58911d4c5a3fd92d112a98076f9dc7bb4ecc8a8d14878cd50a23402a07dda4ff0fcdb797505ba5d09b9866cc83cacb7d4f6

Note: the SHA256 embedded in the filename (beginning 42b22097) is not the SHA256 of the analysed file (beginning 3f2ccd6d). When matching this sample against other feeds, use the computed hashes above rather than the hash in the name.

Malware Config

Extracted

Family: emotet
Botnet: Epoch2
C2 (ip:port, as extracted from the sample's configuration):
174.106.122.139:80
159.203.116.47:8080
173.249.6.108:443
104.236.246.93:8080
174.45.13.118:80
137.59.187.107:8080
94.200.114.161:80
37.187.72.193:8080
67.10.155.92:80
121.124.124.40:7080
24.43.99.75:80
75.139.38.211:80
109.74.5.95:8080
137.119.36.33:80
74.134.41.124:80
66.65.136.14:80
94.1.108.190:443
181.169.235.7:80
79.137.83.50:443
104.131.44.150:8080
121.7.127.163:80
96.249.236.156:443
120.150.60.189:80
134.209.36.254:8080
110.145.77.103:80
118.83.154.64:443
71.72.196.159:80
50.91.114.38:80
62.75.141.82:80
157.245.99.39:8080
140.186.212.146:80
168.235.67.138:7080
104.131.11.150:443
78.24.219.147:8080
46.105.131.79:8080
104.251.33.179:80
24.43.32.186:80
200.114.213.233:8080
153.137.36.142:80
85.96.199.93:80
94.23.237.171:443
5.39.91.110:7080
85.152.162.105:80
162.241.242.173:8080
213.196.135.145:80
139.99.158.11:443
194.187.133.160:443
78.187.156.31:80
1.221.254.82:80
124.41.215.226:80
rsa_pubkey.plain
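The extracted C2 list is the most directly actionable part of this report. As an added example (not part of the sandbox output), the Python below turns a copy of that list into hunting artefacts: it validates and parses the ip:port entries, summarises which ports the botnet pins, checks connection records for hits (exact ip:port, or any traffic to a C2 IP), and emits one Suricata rule per endpoint. The C2 subset is copied from the list above, the connection records are constructed for the demo, and the sid range is an assumption to be adjusted to your ruleset.

```python
import ipaddress
from collections import Counter

# Subset of the C2 endpoints extracted from this sample (copied from the
# report above). Paste in the full list for real use.
C2_RAW = """
174.106.122.139:80
159.203.116.47:8080
173.249.6.108:443
104.236.246.93:8080
174.45.13.118:80
137.59.187.107:8080
121.124.124.40:7080
168.235.67.138:7080
"""

# Constructed connection records for the demo (Zeek conn.log-like columns:
# ts, src ip, src port, dst ip, dst port, proto). Not real telemetry.
SAMPLE_CONN_LOG = """\
1605800000.1\t10.0.0.12\t49812\t174.106.122.139\t80\ttcp
1605800001.2\t10.0.0.12\t49813\t93.184.216.34\t443\ttcp
1605800002.3\t10.0.0.44\t51000\t159.203.116.47\t8080\ttcp
1605800003.4\t10.0.0.44\t51001\t159.203.116.47\t443\ttcp
1605800004.5\t10.0.0.7\t52222\t121.124.124.40\t7080\ttcp
"""


def parse_c2(raw):
    """Parse 'ip:port' lines into (ip, port) tuples, dropping blanks and junk.

    Validating with ipaddress guards against copy/paste damage in the list;
    a malformed entry would otherwise silently never match anything.
    """
    endpoints = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        try:
            ip = str(ipaddress.ip_address(host))
            port = int(port)
        except ValueError:
            continue  # skip the bad entry rather than abort the whole list
        if not 0 < port < 65536:
            continue
        endpoints.append((ip, port))
    return endpoints


def port_histogram(endpoints):
    """Count the ports the botnet pins; a quick input for egress-policy review."""
    return Counter(port for _, port in endpoints)


def match_conn_log(endpoints, log_text, strict=True):
    """Return connection records whose destination hits a C2.

    strict=True requires the exact ip:port pair from the config. strict=False
    flags any traffic to a C2 IP, which also catches the same host on another
    port but is noisier: Emotet tier-1 C2s were frequently compromised servers
    that still served legitimate content.
    """
    exact = set(endpoints)
    ips = {ip for ip, _ in endpoints}
    hits = []
    for rec in log_text.splitlines():
        fields = rec.split("\t")
        if len(fields) < 6:
            continue
        try:
            dst_ip, dst_port = fields[3], int(fields[4])
        except ValueError:
            continue  # header or malformed record
        if (dst_ip, dst_port) in exact or (not strict and dst_ip in ips):
            hits.append(rec)
    return hits


def suricata_rules(endpoints, sid_base=9000001):
    """Emit one Suricata rule per C2 endpoint.

    sid_base is an assumption for the example; choose a range that does not
    collide with the rules already loaded on your sensors.
    """
    rules = []
    for i, (ip, port) in enumerate(endpoints):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Emotet Epoch2 C2 {ip}:{port}"; flow:to_server; '
            f"classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(C2_RAW)
    print(port_histogram(c2))
    for hit in match_conn_log(c2, SAMPLE_CONN_LOG):
        print("C2 hit:", hit)
    print("\n".join(suricata_rules(c2)))
```

The list is a snapshot from 2020-11-19 and Emotet's C2 lists churned quickly, so treat these endpoints as dated IOCs for retrospective hunting over historical connection logs rather than as a long-lived live blocklist.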
Targets

Target: emotet_exe_e2_42b2209758b127d7b9fc3e6e6bc8cf8ebaa27f5e18698d4b5fba82584be2cf0a_2020-11-19__132320.exe
Filesize, score and hashes (MD5, SHA1, SHA256, SHA512): identical to the General section above.

Signatures

  • Emotet
    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet Payload
    Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tactic columns only (Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no technique mappings are listed for this sample.
Tasks

static1
behavioral1: 10/10
behavioral2: 10/10