emotet

General

Target

9f1e1fc409d82b5c6b072f2c10ca4134f3ef80e3e2b7e05a599037831f673e55
Size

176KB
Sample

241121-a61gca1qgm
MD5

ba2955d1c844d2d2db7443f341e319a5
SHA1

9b505b2a3830f4f4fa6680e54521dc4a1f17a465
SHA256

9f1e1fc409d82b5c6b072f2c10ca4134f3ef80e3e2b7e05a599037831f673e55
SHA512

3a64afa3ebca7f9435e5dc770aab98c6af15e522c5a325ab037e16a30f14d342051ff0dc313b9ac0d1fd4efe5b0c30156b2c7f03aec318dcac852360294b046c
SSDEEP

3072:Rau42Vx5xX4VCShFpDXDX8uXsu21zIl/36FZUGgfNI2/:RT42f7X4V9p8uXsuA9arfNr

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

154.91.33.137:443

49.12.113.171:8080

167.114.153.111:8080

87.106.136.232:8080

110.145.77.103:80

74.214.230.200:80

186.74.215.34:80

37.179.204.33:80

172.86.188.251:8080

75.188.96.231:80

118.83.154.64:443

209.54.13.14:80

176.113.52.6:443

97.82.79.83:80

112.185.64.233:80

119.59.116.21:8080

62.171.142.179:8080

62.75.141.82:80

139.99.158.11:443

50.91.114.38:80

rsa_pubkey.plain

Targets

- Target
  
  9f1e1fc409d82b5c6b072f2c10ca4134f3ef80e3e2b7e05a599037831f673e55
- Size
  
  176KB
- MD5
  
  ba2955d1c844d2d2db7443f341e319a5
- SHA1
  
  9b505b2a3830f4f4fa6680e54521dc4a1f17a465
- SHA256
  
  9f1e1fc409d82b5c6b072f2c10ca4134f3ef80e3e2b7e05a599037831f673e55
- SHA512
  
  3a64afa3ebca7f9435e5dc770aab98c6af15e522c5a325ab037e16a30f14d342051ff0dc313b9ac0d1fd4efe5b0c30156b2c7f03aec318dcac852360294b046c
- SSDEEP
  
  3072:Rau42Vx5xX4VCShFpDXDX8uXsu21zIl/36FZUGgfNI2/:RT42f7X4V9p8uXsuA9arfNr
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2