emotet

General

Target

e20b4e9f8c0f9f68e8c5ef1c0c0f975a207cf0962804153e8c6428bd703da3c2
Size

252KB
Sample

241120-z539aataqb
MD5

50c27628d0e1a93ceb55f6fbafc16d82
SHA1

7194839bfdfe3ecaf85add27d143c1e12d7c17e9
SHA256

e20b4e9f8c0f9f68e8c5ef1c0c0f975a207cf0962804153e8c6428bd703da3c2
SHA512

2ebeff09e244200c45f071ac0de73f8c715232b994edd845fd5a5489464dc901380de45a71ce9b0c25726308089ff1aadfb9d97af9d31140138157ea9fd9b0aa
SSDEEP

6144:ndH09uYgR7OJSuwuZc2HEaYTy7beWTBd4m:dHJtlec2HEaYTXWT/l

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

91.200.186.228:443

191.252.196.221:8080

94.177.248.64:443

66.42.55.5:7080

103.8.26.103:8080

185.184.25.237:8080

103.8.26.102:8080

178.79.147.66:8080

58.227.42.236:80

45.118.135.203:7080

103.75.201.2:443

195.154.133.20:443

45.142.114.231:8080

212.237.5.209:443

207.38.84.195:8080

104.251.214.46:8080

212.237.17.99:8080

212.237.56.116:7080

216.158.226.206:443

110.232.117.186:8080

eck1.plain

ecs1.plain

Targets

- Target
  
  e20b4e9f8c0f9f68e8c5ef1c0c0f975a207cf0962804153e8c6428bd703da3c2
- Size
  
  252KB
- MD5
  
  50c27628d0e1a93ceb55f6fbafc16d82
- SHA1
  
  7194839bfdfe3ecaf85add27d143c1e12d7c17e9
- SHA256
  
  e20b4e9f8c0f9f68e8c5ef1c0c0f975a207cf0962804153e8c6428bd703da3c2
- SHA512
  
  2ebeff09e244200c45f071ac0de73f8c715232b994edd845fd5a5489464dc901380de45a71ce9b0c25726308089ff1aadfb9d97af9d31140138157ea9fd9b0aa
- SSDEEP
  
  6144:ndH09uYgR7OJSuwuZc2HEaYTy7beWTBd4m:dHJtlec2HEaYTXWT/l
Score

10^/10

emotet epoch4 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2