emotet

General

Target

146bdb8e61ec3ee4dd9c997ff60ab33def75afdd85a07499d518f9c7443bbfcc
Size

412KB
Sample

241120-2n85bazkcl
MD5

8a5475308108c06264a9155ba7eb7482
SHA1

f2c1c2718574107085aefd88505828787d2b97f9
SHA256

146bdb8e61ec3ee4dd9c997ff60ab33def75afdd85a07499d518f9c7443bbfcc
SHA512

9153b180120b3409e009ea5ef0e18dcd07dd0fa7940fcadf717b5763fef257ae26dbb9873422cb84de828ab91466c2feb66f2cd6dc5f90383d2259a509bd6fd0
SSDEEP

6144:ongF82B8PX+pH1lewMKG5/xOGx3cW6HKT32zfnMHPQVg5OyS:Zq+tpH1wKgxL3c2T3+fnMHP95

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

144.139.91.187:443

157.7.199.53:8080

189.218.165.63:80

104.236.161.64:8080

2.47.112.152:80

185.94.252.27:443

202.62.39.111:80

190.17.195.202:80

143.0.87.101:80

70.32.84.74:8080

45.161.242.102:80

190.194.242.254:443

50.28.51.143:8080

204.225.249.100:7080

137.74.106.111:7080

68.183.170.114:8080

181.31.211.181:80

149.62.173.247:8080

177.75.143.112:443

190.229.148.144:80

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  146bdb8e61ec3ee4dd9c997ff60ab33def75afdd85a07499d518f9c7443bbfcc
- Size
  
  412KB
- MD5
  
  8a5475308108c06264a9155ba7eb7482
- SHA1
  
  f2c1c2718574107085aefd88505828787d2b97f9
- SHA256
  
  146bdb8e61ec3ee4dd9c997ff60ab33def75afdd85a07499d518f9c7443bbfcc
- SHA512
  
  9153b180120b3409e009ea5ef0e18dcd07dd0fa7940fcadf717b5763fef257ae26dbb9873422cb84de828ab91466c2feb66f2cd6dc5f90383d2259a509bd6fd0
- SSDEEP
  
  6144:ongF82B8PX+pH1lewMKG5/xOGx3cW6HKT32zfnMHPQVg5OyS:Zq+tpH1wKgxL3c2T3+fnMHP95
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.