emotet

General

Target

5fe3b9a03bb8e5a039d498da5fb984d6ebdcdfc4d58835a9b498e0d291b68510
Size

696KB
Sample

221125-l79l7ahg59
MD5

ea3a4afd0e26b39045f1c1983e077aeb
SHA1

86aad6e514bf442aafa59babd39315aa63b2a96d
SHA256

5fe3b9a03bb8e5a039d498da5fb984d6ebdcdfc4d58835a9b498e0d291b68510
SHA512

14bd55f0782bbac13cc19cfccc2993b21d1c518e865fec2940810835995b1c182e07eea880d1f9a4e538c6f93793f6c6d7fb916659522a9055b19416b023f454
SSDEEP

12288:1IPPTFEzVCoWbjXLZAboDBrXkQB12ewU4XL3xdj7rv:1ITFiVCXjubyBjf19A

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

47.36.140.164:80

169.50.76.149:8080

162.241.140.129:8080

104.131.123.136:443

95.213.236.64:8080

130.0.132.242:80

123.176.25.234:80

46.105.131.79:8080

157.245.99.39:8080

79.98.24.39:8080

49.50.209.131:80

72.143.73.234:443

50.91.114.38:80

89.216.122.92:80

5.39.91.110:7080

121.124.124.40:7080

71.72.196.159:80

5.196.74.210:8080

139.162.108.71:8080

61.19.246.238:443

rsa_pubkey.plain

Targets

- Target
  
  5fe3b9a03bb8e5a039d498da5fb984d6ebdcdfc4d58835a9b498e0d291b68510
- Size
  
  696KB
- MD5
  
  ea3a4afd0e26b39045f1c1983e077aeb
- SHA1
  
  86aad6e514bf442aafa59babd39315aa63b2a96d
- SHA256
  
  5fe3b9a03bb8e5a039d498da5fb984d6ebdcdfc4d58835a9b498e0d291b68510
- SHA512
  
  14bd55f0782bbac13cc19cfccc2993b21d1c518e865fec2940810835995b1c182e07eea880d1f9a4e538c6f93793f6c6d7fb916659522a9055b19416b023f454
- SSDEEP
  
  12288:1IPPTFEzVCoWbjXLZAboDBrXkQB12ewU4XL3xdj7rv:1ITFiVCXjubyBjf19A
Score

10^/10

emotet epoch2 banker dave trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Dave packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2