emotet

General

Target

413a8349daa8e6a4ed878e37a6b80a98b67de9d6c8f1876e17bb94c6f011a394
Size

493KB
Sample

241120-2n2egavcmf
MD5

0814bc8147e37d938f27aa283dcdf24c
SHA1

571a92012d7963857cfccdc49a4f777e6d307905
SHA256

413a8349daa8e6a4ed878e37a6b80a98b67de9d6c8f1876e17bb94c6f011a394
SHA512

2ae8871560355868cfb9e2bf64423307c91af0860c62494ac8a870907bca39c3927bce421714f6853d7060afc3a1e265c64e77c790dcbd36d4cac37357698c0c
SSDEEP

12288:oX21LCAEra89Ya9Fxdu56zMkqSB6izxow:oG5CAnKYa946Hqi6iFow

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

201.235.10.215:80

198.57.203.63:8080

163.172.107.70:8080

172.105.78.244:8080

107.161.30.122:8080

203.153.216.182:7080

37.46.129.215:8080

201.214.108.231:80

178.33.167.120:8080

181.113.229.139:443

192.210.217.94:8080

24.157.25.203:80

94.96.60.191:80

157.7.164.178:8081

75.127.14.170:8080

189.146.1.78:443

190.164.75.175:80

192.241.220.183:8080

190.55.233.156:80

91.83.93.103:443

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
3
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
4
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  413a8349daa8e6a4ed878e37a6b80a98b67de9d6c8f1876e17bb94c6f011a394
- Size
  
  493KB
- MD5
  
  0814bc8147e37d938f27aa283dcdf24c
- SHA1
  
  571a92012d7963857cfccdc49a4f777e6d307905
- SHA256
  
  413a8349daa8e6a4ed878e37a6b80a98b67de9d6c8f1876e17bb94c6f011a394
- SHA512
  
  2ae8871560355868cfb9e2bf64423307c91af0860c62494ac8a870907bca39c3927bce421714f6853d7060afc3a1e265c64e77c790dcbd36d4cac37357698c0c
- SSDEEP
  
  12288:oX21LCAEra89Ya9Fxdu56zMkqSB6izxow:oG5CAnKYa946Hqi6iFow
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.