emotet

General

Target

7507a28eae3a80ee8dec8ccaea77a22d6226d53ad9a3e2cb0a65f66392e7173a
Size

736KB
Sample

241120-2pd1kawbjq
MD5

bddc1f8ae67e8299a3de441ccf71c4a8
SHA1

b8d9b422d4decfa3e65cdf9f4119b4b89611b680
SHA256

7507a28eae3a80ee8dec8ccaea77a22d6226d53ad9a3e2cb0a65f66392e7173a
SHA512

5c41d2d098c41c35700b0ce074ba46f59af027e3b18f9ba68f7e476fda35b0f66ca9d8770b3b9abf02ee4efe94938279e204b4928b7d3b79a3a04f44df053391
SSDEEP

12288:kxpXle/CdHI25T6HmRIteIPtdjGemV0dkEu5RVYWfrLReTmxvS6yESRsoovKUqj:CIaEmWteI1XmV06VRhfrL/a6yESRsofr

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

177.73.0.98:443

185.94.252.13:443

94.176.234.118:443

212.71.237.140:8080

186.250.52.226:8080

143.0.87.101:80

187.51.47.26:80

190.181.235.46:80

212.231.60.98:80

45.161.242.102:80

50.28.51.143:8080

190.96.118.251:443

46.214.11.172:80

186.70.127.199:8090

157.7.199.53:8080

217.13.106.14:8080

187.162.248.237:80

177.144.135.2:80

181.30.69.50:80

190.163.31.26:80

rsa_pubkey.plain

Targets

- Target
  
  7507a28eae3a80ee8dec8ccaea77a22d6226d53ad9a3e2cb0a65f66392e7173a
- Size
  
  736KB
- MD5
  
  bddc1f8ae67e8299a3de441ccf71c4a8
- SHA1
  
  b8d9b422d4decfa3e65cdf9f4119b4b89611b680
- SHA256
  
  7507a28eae3a80ee8dec8ccaea77a22d6226d53ad9a3e2cb0a65f66392e7173a
- SHA512
  
  5c41d2d098c41c35700b0ce074ba46f59af027e3b18f9ba68f7e476fda35b0f66ca9d8770b3b9abf02ee4efe94938279e204b4928b7d3b79a3a04f44df053391
- SSDEEP
  
  12288:kxpXle/CdHI25T6HmRIteIPtdjGemV0dkEu5RVYWfrLReTmxvS6yESRsoovKUqj:CIaEmWteI1XmV06VRhfrL/a6yESRsofr
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2