emotet

General

Target

bda0e15e650646f28a2a9fe31724ab6d089e0ca4b068a6aac0f9b7d3be9e8c13
Size

433KB
Sample

241120-2m13bazkak
MD5

6088bdacab69e033cef4f6cfc7ea9fc0
SHA1

cb2ba513615ca4fbed6ae88004fc936ef52e2bbb
SHA256

bda0e15e650646f28a2a9fe31724ab6d089e0ca4b068a6aac0f9b7d3be9e8c13
SHA512

30d492621d5cff1f6611dd0ac8711545671ce8f96dbb2d766a8a5212d4c2ab2f38bf71493a0d39958238d26ef56c15e538ad997df925b9155062ecc511e44c8b
SSDEEP

12288:w3zKxZ14g1hxgsjtuEiiSFdgiAbj1qiua2yB3BSVyfYzP:a2Z1CEiTFJAbZq6Bx4yKP

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

113.161.176.235:80

88.247.30.64:80

89.163.210.141:8080

139.162.10.249:8080

203.157.152.9:7080

109.99.146.210:8080

78.90.78.210:80

172.193.14.201:80

157.7.164.178:8081

189.211.214.19:443

157.245.145.87:443

180.148.4.130:8080

46.32.229.152:8080

24.245.65.66:80

82.78.179.117:443

177.130.51.198:80

121.117.147.153:443

203.160.167.243:80

172.104.46.84:8080

202.29.237.113:8080

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
3
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
4
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  bda0e15e650646f28a2a9fe31724ab6d089e0ca4b068a6aac0f9b7d3be9e8c13
- Size
  
  433KB
- MD5
  
  6088bdacab69e033cef4f6cfc7ea9fc0
- SHA1
  
  cb2ba513615ca4fbed6ae88004fc936ef52e2bbb
- SHA256
  
  bda0e15e650646f28a2a9fe31724ab6d089e0ca4b068a6aac0f9b7d3be9e8c13
- SHA512
  
  30d492621d5cff1f6611dd0ac8711545671ce8f96dbb2d766a8a5212d4c2ab2f38bf71493a0d39958238d26ef56c15e538ad997df925b9155062ecc511e44c8b
- SSDEEP
  
  12288:w3zKxZ14g1hxgsjtuEiiSFdgiAbj1qiua2yB3BSVyfYzP:a2Z1CEiTFJAbZq6Bx4yKP
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.