emotet

General

Target

b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4N
Size

580KB
Sample

241001-xtlhzswbqq
MD5

1182aabb11f0c7f51dc8b1ce421ded30
SHA1

7458831466719feacc70fea3c40a8f4e54bff520
SHA256

b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4
SHA512

698cc4fe76c1691e3ab06a1307f7597233b7d48d285d83269480f71067e2dd38a6d645c29efdc0ce9cfa9ca7c4e59ff7b11d4746eb0bbd79eb316a1a90bea338
SSDEEP

12288:BxhJ10GoRCjAK+NbAItxNQlZLujv54pkCiAX:BDTxPSAExNpjvj2X

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

184.66.18.83:80

202.187.222.40:80

167.71.148.58:443

211.215.18.93:8080

1.234.65.61:80

80.15.100.37:80

155.186.9.160:80

172.104.169.32:8080

110.39.162.2:443

12.162.84.2:8080

181.136.190.86:80

68.183.190.199:8080

191.223.36.170:80

190.45.24.210:80

81.213.175.132:80

181.120.29.49:80

82.76.111.249:443

177.23.7.151:80

95.76.153.115:80

93.148.247.169:80

rsa_pubkey.plain

Targets

- Target
  
  b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4N
- Size
  
  580KB
- MD5
  
  1182aabb11f0c7f51dc8b1ce421ded30
- SHA1
  
  7458831466719feacc70fea3c40a8f4e54bff520
- SHA256
  
  b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4
- SHA512
  
  698cc4fe76c1691e3ab06a1307f7597233b7d48d285d83269480f71067e2dd38a6d645c29efdc0ce9cfa9ca7c4e59ff7b11d4746eb0bbd79eb316a1a90bea338
- SSDEEP
  
  12288:BxhJ10GoRCjAK+NbAItxNQlZLujv54pkCiAX:BDTxPSAExNpjvj2X
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2