emotet

General

Target

5779db9d50105073aded54df045c927d9c331853b161a171f68cd7bd0f29c924
Size

728KB
Sample

221125-k5999sah4v
MD5

06c974f4e64fea6332a5ace68ffcc7d7
SHA1

d5c53c686d7fd4d86ed150fb74ec59a47099b075
SHA256

5779db9d50105073aded54df045c927d9c331853b161a171f68cd7bd0f29c924
SHA512

98d009db32e02bb1ea18a0cafcb8269375fe0576747b793a70fd8fe2aed196e3cdfa9ac85734568fc1de1de50d828084ebbcfa9771f5b22a8b2091d8f076314b
SSDEEP

12288:D+LMN1XrQ+LeMnUMOwOozWCf8qXC+EATlTe5L:HN1XPVU7wGD7iTe

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

125.200.20.233:80

93.186.197.189:7080

188.166.220.180:7080

192.175.111.217:7080

118.243.83.70:80

103.80.51.61:8080

185.80.172.199:80

172.96.190.154:8080

116.202.10.123:8080

46.105.131.68:8080

223.17.215.76:80

192.210.217.94:8080

190.194.12.132:80

115.79.59.157:80

190.191.171.72:80

24.231.51.190:80

203.153.216.178:7080

175.103.38.146:80

36.91.44.183:80

213.165.178.214:80

rsa_pubkey.plain

Targets

- Target
  
  5779db9d50105073aded54df045c927d9c331853b161a171f68cd7bd0f29c924
- Size
  
  728KB
- MD5
  
  06c974f4e64fea6332a5ace68ffcc7d7
- SHA1
  
  d5c53c686d7fd4d86ed150fb74ec59a47099b075
- SHA256
  
  5779db9d50105073aded54df045c927d9c331853b161a171f68cd7bd0f29c924
- SHA512
  
  98d009db32e02bb1ea18a0cafcb8269375fe0576747b793a70fd8fe2aed196e3cdfa9ac85734568fc1de1de50d828084ebbcfa9771f5b22a8b2091d8f076314b
- SSDEEP
  
  12288:D+LMN1XrQ+LeMnUMOwOozWCf8qXC+EATlTe5L:HN1XPVU7wGD7iTe
Score

10^/10

emotet epoch3 banker dave trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Dave packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2