emotet

General

Target

11e0213d37d8756cb1aba36ab6d02040fc013c910a9c362492af7bd436832b82
Size

772KB
Sample

220225-fypyjagbdk
MD5

b2381cbba833ad4df70c1e0d8dd3a006
SHA1

afa22f3d6334763ccadec9287c49825a6faf4261
SHA256

11e0213d37d8756cb1aba36ab6d02040fc013c910a9c362492af7bd436832b82
SHA512

bc298f07a600745dd575419ceaac681a6df741536aa888f54833dc3d694e1792b510e4865a31ca9d29394949eab42e944dbd97b7b82aaf14df3a65b71316b3d0

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

47.36.140.164:80

169.50.76.149:8080

162.241.140.129:8080

104.131.123.136:443

95.213.236.64:8080

130.0.132.242:80

123.176.25.234:80

46.105.131.79:8080

157.245.99.39:8080

79.98.24.39:8080

49.50.209.131:80

72.143.73.234:443

50.91.114.38:80

89.216.122.92:80

5.39.91.110:7080

121.124.124.40:7080

71.72.196.159:80

5.196.74.210:8080

139.162.108.71:8080

61.19.246.238:443

rsa_pubkey.plain

Targets

- Target
  
  11e0213d37d8756cb1aba36ab6d02040fc013c910a9c362492af7bd436832b82
- Size
  
  772KB
- MD5
  
  b2381cbba833ad4df70c1e0d8dd3a006
- SHA1
  
  afa22f3d6334763ccadec9287c49825a6faf4261
- SHA256
  
  11e0213d37d8756cb1aba36ab6d02040fc013c910a9c362492af7bd436832b82
- SHA512
  
  bc298f07a600745dd575419ceaac681a6df741536aa888f54833dc3d694e1792b510e4865a31ca9d29394949eab42e944dbd97b7b82aaf14df3a65b71316b3d0
Score

10^/10

emotet epoch2 banker dave trojan suricata
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11
  suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11
  suricata
- Emotet Payload
  Detects Emotet payload in memory.
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11

Emotet Payload

Dave packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2