emotet

General

Target

5aeedf0b843c0d7c398457e5ce37b50a6f8c45d75bc0a493a98394b09945f6f6
Size

772KB
Sample

220301-geda3agdb6
MD5

9d80f012f02d71f062be2a42daad213d
SHA1

fa887605992f94bc756d36c743850f1fe84471fe
SHA256

5aeedf0b843c0d7c398457e5ce37b50a6f8c45d75bc0a493a98394b09945f6f6
SHA512

862313b7b84fcaa9a088fda069575ce6d76f3b150680333361487571b3f5e1c203a16d084dafbfac82df95aeacc3807d087bbd74df899602eeab410848ea450b

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

47.36.140.164:80

169.50.76.149:8080

162.241.140.129:8080

104.131.123.136:443

95.213.236.64:8080

130.0.132.242:80

123.176.25.234:80

46.105.131.79:8080

157.245.99.39:8080

79.98.24.39:8080

49.50.209.131:80

72.143.73.234:443

50.91.114.38:80

89.216.122.92:80

5.39.91.110:7080

121.124.124.40:7080

71.72.196.159:80

5.196.74.210:8080

139.162.108.71:8080

61.19.246.238:443

rsa_pubkey.plain

Targets

- Target
  
  5aeedf0b843c0d7c398457e5ce37b50a6f8c45d75bc0a493a98394b09945f6f6
- Size
  
  772KB
- MD5
  
  9d80f012f02d71f062be2a42daad213d
- SHA1
  
  fa887605992f94bc756d36c743850f1fe84471fe
- SHA256
  
  5aeedf0b843c0d7c398457e5ce37b50a6f8c45d75bc0a493a98394b09945f6f6
- SHA512
  
  862313b7b84fcaa9a088fda069575ce6d76f3b150680333361487571b3f5e1c203a16d084dafbfac82df95aeacc3807d087bbd74df899602eeab410848ea450b
Score

10^/10

emotet epoch2 banker dave trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet Payload
  Detects Emotet payload in memory.
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet Payload

Dave packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2