emotet

General

Target

6bbc5d102f7cdc65196d244b6313cc0d8416e468fab78c1813b01d7a834398db
Size

364KB
Sample

241120-3mt5fawake
MD5

3d90783c2ba7cd1d68f4dfb08e868141
SHA1

82fa97568005d91dbe3a778a7c6797cf60fffc10
SHA256

6bbc5d102f7cdc65196d244b6313cc0d8416e468fab78c1813b01d7a834398db
SHA512

07db343be9842de9f2b75fb1f5372fb12bc90d6e9b38f845842b263c355bed6d75cc6a0459a6b9a466f99bf12433319dd5602d3239149c9ca4318be4105c21d2
SSDEEP

6144:Bq7qn/fjMREXGdAEsas1Jeaab+3Lhr1C8J/XO6Mb:Bq/RjdAKcJHaK7J1CAJ

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

2.45.176.233:80

98.103.204.12:443

172.86.186.21:8080

192.175.111.214:8080

109.190.249.106:80

177.144.130.105:8080

70.32.84.74:8080

192.81.38.31:80

138.97.60.140:8080

189.223.16.99:80

175.143.12.123:8080

190.115.18.139:8080

170.81.48.2:80

5.196.35.138:7080

172.104.169.32:8080

178.250.54.208:8080

185.94.252.27:443

46.105.114.137:8080

79.118.74.90:80

70.169.17.134:80

rsa_pubkey.plain

Targets

- Target
  
  6bbc5d102f7cdc65196d244b6313cc0d8416e468fab78c1813b01d7a834398db
- Size
  
  364KB
- MD5
  
  3d90783c2ba7cd1d68f4dfb08e868141
- SHA1
  
  82fa97568005d91dbe3a778a7c6797cf60fffc10
- SHA256
  
  6bbc5d102f7cdc65196d244b6313cc0d8416e468fab78c1813b01d7a834398db
- SHA512
  
  07db343be9842de9f2b75fb1f5372fb12bc90d6e9b38f845842b263c355bed6d75cc6a0459a6b9a466f99bf12433319dd5602d3239149c9ca4318be4105c21d2
- SSDEEP
  
  6144:Bq7qn/fjMREXGdAEsas1Jeaab+3Lhr1C8J/XO6Mb:Bq/RjdAKcJHaK7J1CAJ
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2