emotet

General

Target

4c48a5db47f7a5ae576ed17e1ae893299c876a4eef844e4cd4933d83d6d1d0b9
Size

923KB
Sample

241120-zxcflatkcx
MD5

23ef14700ac576801d7dcb804a53fca3
SHA1

b23d80d2558eba8d2bd7ac6da8e9c56f2c744cd4
SHA256

4c48a5db47f7a5ae576ed17e1ae893299c876a4eef844e4cd4933d83d6d1d0b9
SHA512

55c9893c518318ba8482285ce46fba0e6e592a29fd3ce0b488e3d0ba3f3397cdcf57ebe4a804355e38dc8513441417d7b3a5a6cc661eb4fd60dadace78abf337
SSDEEP

12288:rMlCHIWMOZkzNxP+KngRYq3Ocs5PFCJbjhK+pfhf0LqiVN:sCpZkiKngRYbcUYXhK+pfhsLq6

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

73.116.193.136:80

185.94.252.13:443

149.62.173.247:8080

89.32.150.160:8080

185.94.252.12:80

77.90.136.129:8080

83.169.21.32:7080

104.236.161.64:8080

114.109.179.60:80

189.2.177.210:443

68.183.190.199:8080

144.139.91.187:443

185.94.252.27:443

190.181.235.46:80

82.196.15.205:8080

46.28.111.142:7080

181.167.96.215:80

202.62.39.111:80

219.92.13.25:80

191.99.160.58:80

rsa_pubkey.plain

Targets

- Target
  
  4c48a5db47f7a5ae576ed17e1ae893299c876a4eef844e4cd4933d83d6d1d0b9
- Size
  
  923KB
- MD5
  
  23ef14700ac576801d7dcb804a53fca3
- SHA1
  
  b23d80d2558eba8d2bd7ac6da8e9c56f2c744cd4
- SHA256
  
  4c48a5db47f7a5ae576ed17e1ae893299c876a4eef844e4cd4933d83d6d1d0b9
- SHA512
  
  55c9893c518318ba8482285ce46fba0e6e592a29fd3ce0b488e3d0ba3f3397cdcf57ebe4a804355e38dc8513441417d7b3a5a6cc661eb4fd60dadace78abf337
- SSDEEP
  
  12288:rMlCHIWMOZkzNxP+KngRYq3Ocs5PFCJbjhK+pfhf0LqiVN:sCpZkiKngRYbcUYXhK+pfhsLq6
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2