4579bca4d958f8aef3cb870f2129d3932437685278a0b3daef7f66592b50aa98

Target

Size

448KB

Sample

220521-xbg3vaefdj

Score

10 ^/10

MD5

4f43483f5f7151ca32566a8425d0b825

SHA1

d0963c5fc1fa71906adceed34a377c9432f054c1

SHA256

4579bca4d958f8aef3cb870f2129d3932437685278a0b3daef7f66592b50aa98

SHA512

fbf675f445881ba7e46ba5bebeda537dcc24af2689d897c6f164a973d25b08c06d0eb11dda681adf4ba291862796b9d6e66d7ce21524956a7ae890cb1422f187

Extracted

Family	emotet
Botnet	Epoch1
C2	174.100.27.229:80 209.126.6.222:8080 5.153.250.14:8080 192.241.146.84:8080 95.9.180.128:80 77.55.211.77:8080 85.105.140.135:443 45.33.77.42:8080 77.90.136.129:8080 94.176.234.118:443 190.163.31.26:80 190.6.193.152:8080 190.181.235.46:80 81.198.69.61:80 188.2.217.94:80 114.109.179.60:80 83.169.21.32:7080 137.74.106.111:7080 212.231.60.98:80 170.81.48.2:80 177.74.228.34:80 178.79.163.131:8080 190.147.137.153:443 73.116.193.136:80 187.162.248.237:80 80.249.176.206:80 12.162.84.2:8080 219.92.13.25:80 46.28.111.142:7080 185.94.252.12:80 24.135.198.218:80 217.199.160.224:7080 70.32.115.157:8080 91.219.169.180:80 186.103.141.250:443 70.32.84.74:8080 172.104.169.32:8080 181.129.96.162:8080 178.250.54.208:8080 61.92.159.208:8080 190.190.148.27:8080 192.241.143.52:8080 51.159.23.217:443 82.196.15.205:8080 45.161.242.102:80 186.70.127.199:8090 204.225.249.100:7080 58.171.153.81:80 145.236.8.174:80 87.106.46.107:8080 181.120.79.227:80 186.32.90.103:443 24.148.98.177:80 149.62.173.247:8080 217.13.106.14:8080 50.28.51.143:8080 143.0.87.101:80 209.236.123.42:8080 191.99.160.58:80 51.255.165.160:8080 111.67.12.221:8080 67.247.242.247:80 177.72.13.80:80 213.60.96.117:80 68.183.190.199:8080 202.62.39.111:80 104.131.103.37:8080 212.93.117.170:80 116.125.120.88:443 177.73.0.98:443 89.32.150.160:8080 147.91.184.91:80 189.2.177.210:443 72.47.248.48:7080 186.250.52.226:8080 2.47.112.152:80 185.94.252.27:443 95.85.151.205:80 212.71.237.140:8080 68.183.170.114:8080 213.176.36.147:8080 82.76.111.249:443 191.182.6.118:80 91.222.77.105:80 94.206.45.18:80 104.131.41.185:8080 190.115.18.139:8080 5.196.35.138:7080 201.171.150.41:443 177.144.135.2:80 207.144.103.227:80 174.100.27.229:80 209.126.6.222:8080 5.153.250.14:8080 192.241.146.84:8080 95.9.180.128:80 77.55.211.77:8080 85.105.140.135:443 45.33.77.42:8080 77.90.136.129:8080 94.176.234.118:443 190.163.31.26:80 190.6.193.152:8080 190.181.235.46:80 81.198.69.61:80 188.2.217.94:80 114.109.179.60:80 83.169.21.32:7080 137.74.106.111:7080 212.231.60.98:80 170.81.48.2:80 177.74.228.34:80 178.79.163.131:8080 190.147.137.153:443 73.116.193.136:80 187.162.248.237:80 80.249.176.206:80 12.162.84.2:8080 219.92.13.25:80 46.28.111.142:7080 185.94.252.12:80 24.135.198.218:80 217.199.160.224:7080 70.32.115.157:8080 91.219.169.180:80 186.103.141.250:443 70.32.84.74:8080 172.104.169.32:8080 181.129.96.162:8080 178.250.54.208:8080 61.92.159.208:8080 190.190.148.27:8080 192.241.143.52:8080 51.159.23.217:443 82.196.15.205:8080 45.161.242.102:80 186.70.127.199:8090 204.225.249.100:7080 58.171.153.81:80 145.236.8.174:80 87.106.46.107:8080 181.120.79.227:80 186.32.90.103:443 24.148.98.177:80 149.62.173.247:8080 217.13.106.14:8080 50.28.51.143:8080 143.0.87.101:80 209.236.123.42:8080 191.99.160.58:80 51.255.165.160:8080 111.67.12.221:8080 67.247.242.247:80 177.72.13.80:80 213.60.96.117:80 68.183.190.199:8080 202.62.39.111:80 104.131.103.37:8080 212.93.117.170:80 116.125.120.88:443 177.73.0.98:443 89.32.150.160:8080 147.91.184.91:80 189.2.177.210:443 72.47.248.48:7080 186.250.52.226:8080 2.47.112.152:80 185.94.252.27:443 95.85.151.205:80 212.71.237.140:8080 68.183.170.114:8080 213.176.36.147:8080 82.76.111.249:443 191.182.6.118:80 91.222.77.105:80 94.206.45.18:80 104.131.41.185:8080 190.115.18.139:8080 5.196.35.138:7080 201.171.150.41:443 177.144.135.2:80 207.144.103.227:80
rsa_pubkey.plain

Target

4579bca4d958f8aef3cb870f2129d3932437685278a0b3daef7f66592b50aa98

MD5

4f43483f5f7151ca32566a8425d0b825

Filesize

448KB

Score

10^/10

SHA1

d0963c5fc1fa71906adceed34a377c9432f054c1

SHA256

4579bca4d958f8aef3cb870f2129d3932437685278a0b3daef7f66592b50aa98

SHA512

fbf675f445881ba7e46ba5bebeda537dcc24af2689d897c6f164a973d25b08c06d0eb11dda681adf4ba291862796b9d6e66d7ce21524956a7ae890cb1422f187

Signatures

Emotet
Description

Emotet is a trojan that is primarily spread through spam emails.
Tags

trojan banker emotet
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
Description

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
Tags

suricata
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
Description

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
Tags

suricata
Emotet Payload
Description

Detects Emotet payload in memory.
Tags

trojan banker

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

emotet epoch1 banker suricata trojan

10^/10

behavioral2

emotet epoch1 banker suricata trojan

10^/10

Extracted

Tags

Signatures

Emotet

Description

Tags

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8

Description

Tags

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9

Description

Tags

Emotet Payload

Description

Tags

Related Tasks

static1

behavioral1

behavioral2