emotet

General

Target

bd08103a8237b70557e4a9c0b57e196a229b5da142d28f3a036d6887e5d3eeff
Size

714KB
Sample

241120-1agmgaykcj
MD5

b2da23c41f2a24927fdfb698e3eed40f
SHA1

4b73b72e0d5ca8e03e7ed06c442d8444623659c1
SHA256

bd08103a8237b70557e4a9c0b57e196a229b5da142d28f3a036d6887e5d3eeff
SHA512

64aa84d3b29bc95276a5d840ab63ff61767e682de06c38a9fa554390c2f7c40484d336d3c56d6d555e8e78221bcc5b040f0c69b8cfb123adb65008ca9c933aad
SSDEEP

12288:zotVRMUSUIgsZCXWPziyjcLtfYfWJkLzcdKWLMbTSLw7Eomqxj6gGC2:z2YUSUIgsZCezFyYodKWLMbTSLw7EoP

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

186.189.249.2:80

59.148.253.194:8080

173.212.197.71:8080

5.89.33.136:80

177.144.130.105:443

190.190.219.184:80

82.76.111.249:443

70.32.115.157:8080

62.84.75.50:80

190.24.243.186:80

51.15.7.145:80

24.232.228.233:80

46.105.114.137:8080

216.47.196.104:80

172.86.186.21:8080

186.103.141.250:443

128.92.203.42:80

190.188.245.242:80

152.169.22.67:80

170.81.48.2:80

rsa_pubkey.plain

Targets

- Target
  
  bd08103a8237b70557e4a9c0b57e196a229b5da142d28f3a036d6887e5d3eeff
- Size
  
  714KB
- MD5
  
  b2da23c41f2a24927fdfb698e3eed40f
- SHA1
  
  4b73b72e0d5ca8e03e7ed06c442d8444623659c1
- SHA256
  
  bd08103a8237b70557e4a9c0b57e196a229b5da142d28f3a036d6887e5d3eeff
- SHA512
  
  64aa84d3b29bc95276a5d840ab63ff61767e682de06c38a9fa554390c2f7c40484d336d3c56d6d555e8e78221bcc5b040f0c69b8cfb123adb65008ca9c933aad
- SSDEEP
  
  12288:zotVRMUSUIgsZCXWPziyjcLtfYfWJkLzcdKWLMbTSLw7Eomqxj6gGC2:z2YUSUIgsZCezFyYodKWLMbTSLw7EoP
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2