245ddb53f9821f9397b1a7c6392d31fa10af8eb0c4651cd8b6b4c17354a72fc5

Target

Size

280KB

Sample

220521-xx8spacge5

Score

10 ^/10

MD5

731266b66eb0ec8a2eb7295381941616

SHA1

137b273614e41ffd8a71f484c9a565cb51734212

SHA256

245ddb53f9821f9397b1a7c6392d31fa10af8eb0c4651cd8b6b4c17354a72fc5

SHA512

9a36111053949e05484f07be830e82fdb6b2a5234b9d0a8d54249e543b2dc6d08bb6e2256aaa6a98e6d15eedfd1d7afa3b95be804782598442cc9b1f23c1fde7

Extracted

Family	emotet
Botnet	Epoch2
C2	137.119.36.33:80 116.202.234.183:8080 69.30.203.214:8080 204.197.146.48:80 87.106.136.232:8080 153.163.83.106:80 91.211.88.52:7080 93.147.212.206:80 222.214.218.37:4143 189.212.199.126:443 203.153.216.189:7080 83.169.36.251:8080 188.83.220.2:443 104.236.246.93:8080 173.62.217.22:443 5.196.74.210:8080 68.188.112.97:80 139.130.242.43:80 61.19.246.238:443 24.179.13.119:80 157.245.99.39:8080 116.203.32.252:8080 203.117.253.142:80 75.139.38.211:80 41.60.200.34:80 2.58.16.85:7080 199.101.86.142:8080 169.239.182.217:8080 209.141.54.221:8080 121.124.124.40:7080 67.205.85.243:8080 79.98.24.39:8080 85.105.205.77:8080 200.41.121.90:80 185.94.252.104:443 24.233.112.152:80 37.187.72.193:8080 89.186.91.200:443 47.144.21.12:443 103.86.49.11:8080 95.179.229.244:8080 190.55.181.54:443 113.160.130.116:8443 62.75.141.82:80 47.146.117.214:80 187.161.206.24:80 104.131.44.150:8080 109.74.5.95:8080 200.114.213.233:8080 139.59.60.244:8080 81.2.235.111:8080 174.137.65.18:80 24.43.99.75:80 201.173.217.124:443 137.59.187.107:8080 46.105.131.79:8080 70.121.172.89:80 78.24.219.147:8080 74.120.55.163:80 85.152.162.105:80 93.51.50.171:8080 98.109.204.230:80 104.131.11.150:443 95.213.236.64:8080 153.232.188.106:80 176.111.60.55:8080 74.208.45.104:8080 174.102.48.180:80 190.160.53.126:80 152.168.248.128:443 180.92.239.110:8080 37.139.21.175:8080 157.147.76.151:80 167.86.90.214:8080 24.137.76.62:80 112.185.64.233:80 5.39.91.110:7080 87.106.139.101:8080 97.82.79.83:80 85.66.181.138:80 181.230.116.163:80 37.70.8.161:80 110.145.77.103:80 168.235.67.138:7080 68.44.137.144:443 137.119.36.33:80 116.202.234.183:8080 69.30.203.214:8080 204.197.146.48:80 87.106.136.232:8080 153.163.83.106:80 91.211.88.52:7080 93.147.212.206:80 222.214.218.37:4143 189.212.199.126:443 203.153.216.189:7080 83.169.36.251:8080 188.83.220.2:443 104.236.246.93:8080 173.62.217.22:443 5.196.74.210:8080 68.188.112.97:80 139.130.242.43:80 61.19.246.238:443 24.179.13.119:80 157.245.99.39:8080 116.203.32.252:8080 203.117.253.142:80 75.139.38.211:80 41.60.200.34:80 2.58.16.85:7080 199.101.86.142:8080 169.239.182.217:8080 209.141.54.221:8080 121.124.124.40:7080 67.205.85.243:8080 79.98.24.39:8080 85.105.205.77:8080 200.41.121.90:80 185.94.252.104:443 24.233.112.152:80 37.187.72.193:8080 89.186.91.200:443 47.144.21.12:443 103.86.49.11:8080 95.179.229.244:8080 190.55.181.54:443 113.160.130.116:8443 62.75.141.82:80 47.146.117.214:80 187.161.206.24:80 104.131.44.150:8080 109.74.5.95:8080 200.114.213.233:8080 139.59.60.244:8080 81.2.235.111:8080 174.137.65.18:80 24.43.99.75:80 201.173.217.124:443 137.59.187.107:8080 46.105.131.79:8080 70.121.172.89:80 78.24.219.147:8080 74.120.55.163:80 85.152.162.105:80 93.51.50.171:8080 98.109.204.230:80 104.131.11.150:443 95.213.236.64:8080 153.232.188.106:80 176.111.60.55:8080 74.208.45.104:8080 174.102.48.180:80 190.160.53.126:80 152.168.248.128:443 180.92.239.110:8080 37.139.21.175:8080 157.147.76.151:80 167.86.90.214:8080 24.137.76.62:80 112.185.64.233:80 5.39.91.110:7080 87.106.139.101:8080 97.82.79.83:80 85.66.181.138:80 181.230.116.163:80 37.70.8.161:80 110.145.77.103:80 168.235.67.138:7080 68.44.137.144:443
rsa_pubkey.plain

Target

245ddb53f9821f9397b1a7c6392d31fa10af8eb0c4651cd8b6b4c17354a72fc5

MD5

731266b66eb0ec8a2eb7295381941616

Filesize

280KB

Score

10^/10

SHA1

137b273614e41ffd8a71f484c9a565cb51734212

SHA256

245ddb53f9821f9397b1a7c6392d31fa10af8eb0c4651cd8b6b4c17354a72fc5

SHA512

9a36111053949e05484f07be830e82fdb6b2a5234b9d0a8d54249e543b2dc6d08bb6e2256aaa6a98e6d15eedfd1d7afa3b95be804782598442cc9b1f23c1fde7

Signatures

Emotet
Description

Emotet is a trojan that is primarily spread through spam emails.
Tags

trojan banker emotet
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
Description

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8
Tags

suricata
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
Description

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
Tags

suricata
Emotet Payload
Description

Detects Emotet payload in memory.
Tags

trojan banker

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

emotet epoch2 banker trojan

10^/10

behavioral2

emotet epoch2 banker suricata trojan

10^/10

Extracted

Tags

Signatures

Emotet

Description

Tags

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M8

Description

Tags

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9

Description

Tags

Emotet Payload

Description

Tags

Related Tasks

static1

behavioral1

behavioral2