emotet

General

Target

ecb2ba057f9277d72a3d0e8d9912a7df9d6fb1e97aa6a4ea20843ded67e5f465
Size

304KB
Sample

241120-zxaxrstkcv
MD5

226b9ce9f9527d0c94b01f94eb2cdfe9
SHA1

3c1c5a7d848aaa230bf69d67914e6811c8f2f677
SHA256

ecb2ba057f9277d72a3d0e8d9912a7df9d6fb1e97aa6a4ea20843ded67e5f465
SHA512

e09526a163cd0c814d9d57af59e576b404f2a00eda98b1c875c245ae87a7984b21db4467c6f43503c024dbbd6ee787067fe35cf5ffb382d988274d7c50674ed5
SSDEEP

6144:WffinDToTm2cBd7ujJzt5eBMrppuDHssrzSn8RIazDF:92cBd7+t53RsrzwqDF

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

58.171.153.81:80

104.131.103.128:443

66.228.49.173:8080

181.120.79.227:80

82.76.111.249:443

177.66.190.130:80

114.109.179.60:80

190.147.137.153:443

70.32.84.74:8080

104.131.103.37:8080

111.67.12.221:8080

177.74.228.34:80

217.13.106.14:8080

187.162.248.237:80

170.81.48.2:80

186.70.127.199:8090

104.236.161.64:8080

12.162.84.2:8080

177.73.0.98:443

191.182.6.118:80

rsa_pubkey.plain

Targets

- Target
  
  ecb2ba057f9277d72a3d0e8d9912a7df9d6fb1e97aa6a4ea20843ded67e5f465
- Size
  
  304KB
- MD5
  
  226b9ce9f9527d0c94b01f94eb2cdfe9
- SHA1
  
  3c1c5a7d848aaa230bf69d67914e6811c8f2f677
- SHA256
  
  ecb2ba057f9277d72a3d0e8d9912a7df9d6fb1e97aa6a4ea20843ded67e5f465
- SHA512
  
  e09526a163cd0c814d9d57af59e576b404f2a00eda98b1c875c245ae87a7984b21db4467c6f43503c024dbbd6ee787067fe35cf5ffb382d988274d7c50674ed5
- SSDEEP
  
  6144:WffinDToTm2cBd7ujJzt5eBMrppuDHssrzSn8RIazDF:92cBd7+t53RsrzwqDF
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2