emotet

General

Target

ad283c9c95a98355bace8034cb43efbb8266a13cb7e2dfc9617a50528a115248
Size

219KB
Sample

241121-a722kaxgpr
MD5

ca0583ea7d80b5d10ba33e6b49a91d07
SHA1

11a126226792f4373f8963e3b5ac832580f19b16
SHA256

ad283c9c95a98355bace8034cb43efbb8266a13cb7e2dfc9617a50528a115248
SHA512

63c4983ccd95f711b5081a1e0ee4894118823a7001466c0c9c333393be63e18cb2503c2520b1ef887ff05fa34703cffc92a6f640fed434a9822171ae6365c445
SSDEEP

6144:nbOAxKIiawQSu3IF9UtNRW9l1QAVzEAvv2OqsPa4HT0i4LFMEJf8Me5w6B:n4IiawQSu3IF9UtNRW9l1QAVzEU+OZ3D

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

67.163.161.107:80

107.170.146.252:8080

173.212.214.235:7080

167.114.153.111:8080

185.94.252.104:443

110.142.236.207:80

194.187.133.160:443

218.147.193.146:80

172.104.97.173:8080

216.139.123.119:80

50.91.114.38:80

202.134.4.211:8080

113.61.66.94:80

139.99.158.11:443

62.171.142.179:8080

37.139.21.175:8080

190.108.228.27:443

94.23.237.171:443

154.91.33.137:443

201.241.127.190:80

rsa_pubkey.plain

Targets

- Target
  
  ad283c9c95a98355bace8034cb43efbb8266a13cb7e2dfc9617a50528a115248
- Size
  
  219KB
- MD5
  
  ca0583ea7d80b5d10ba33e6b49a91d07
- SHA1
  
  11a126226792f4373f8963e3b5ac832580f19b16
- SHA256
  
  ad283c9c95a98355bace8034cb43efbb8266a13cb7e2dfc9617a50528a115248
- SHA512
  
  63c4983ccd95f711b5081a1e0ee4894118823a7001466c0c9c333393be63e18cb2503c2520b1ef887ff05fa34703cffc92a6f640fed434a9822171ae6365c445
- SSDEEP
  
  6144:nbOAxKIiawQSu3IF9UtNRW9l1QAVzEAvv2OqsPa4HT0i4LFMEJf8Me5w6B:n4IiawQSu3IF9UtNRW9l1QAVzEU+OZ3D
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2