emotet

General

Target

3956fb1bf5d7b5846e57c4cee7d0f0f9f711249e8ceff6c7c8d5080d770ceb76
Size

624KB
Sample

241111-tw4wka1err
MD5

c6ad550359937e7f5ecffa0522fc5423
SHA1

b3d63263204a0da534b59d574fc544a3e326af9e
SHA256

3956fb1bf5d7b5846e57c4cee7d0f0f9f711249e8ceff6c7c8d5080d770ceb76
SHA512

65ba198630dc111354f98284af32a0c76c1cff18cdfda4b24dc3f4b53cdc686a74725e003be0087944148d9b99711b84d789ff8e5b9d86343a5416b3ecfe808b
SSDEEP

6144:eHJ5vy3kkDQg6p28Ca/cspQO9jeUX/V3RbNUXX23uxYHH8x0H8jNu3j:CkN+1/cspQO9jxVU2KY8JuT

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

201.235.10.215:80

198.57.203.63:8080

163.172.107.70:8080

172.105.78.244:8080

107.161.30.122:8080

203.153.216.182:7080

37.46.129.215:8080

201.214.108.231:80

178.33.167.120:8080

181.113.229.139:443

192.210.217.94:8080

24.157.25.203:80

94.96.60.191:80

157.7.164.178:8081

75.127.14.170:8080

189.146.1.78:443

190.164.75.175:80

192.241.220.183:8080

190.55.233.156:80

91.83.93.103:443

rsa_pubkey.plain

Targets

- Target
  
  3956fb1bf5d7b5846e57c4cee7d0f0f9f711249e8ceff6c7c8d5080d770ceb76
- Size
  
  624KB
- MD5
  
  c6ad550359937e7f5ecffa0522fc5423
- SHA1
  
  b3d63263204a0da534b59d574fc544a3e326af9e
- SHA256
  
  3956fb1bf5d7b5846e57c4cee7d0f0f9f711249e8ceff6c7c8d5080d770ceb76
- SHA512
  
  65ba198630dc111354f98284af32a0c76c1cff18cdfda4b24dc3f4b53cdc686a74725e003be0087944148d9b99711b84d789ff8e5b9d86343a5416b3ecfe808b
- SSDEEP
  
  6144:eHJ5vy3kkDQg6p28Ca/cspQO9jeUX/V3RbNUXX23uxYHH8x0H8jNu3j:CkN+1/cspQO9jxVU2KY8JuT
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2