emotet

General

Target

36249f8982a32f8a62c46374ef8c13a1338b6304d059462d203d6b3999e5be17
Size

332KB
Sample

241121-ag9zgsxckk
MD5

32ef1f6a740f94180c08d61410d8bfe2
SHA1

32d68e273717572c37c338da0b0a9186828ecad7
SHA256

36249f8982a32f8a62c46374ef8c13a1338b6304d059462d203d6b3999e5be17
SHA512

310286eb0d3a33e903fb35cc6fb0637b4a8125d4074255ba45011980e712cd2be5b1d5f73cb93413175cda68b84a6dba99708bebe6d022800d54cb74841fadb6
SSDEEP

6144:y3q5crb5h5lp2ZzBUdONOL4BdXE6264/U0RaePM11tDd7QPvYGEPJKT42+8PQQS:y3acrplp+yONOsC6puE11tDleXEPJw+h

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

186.103.141.250:443

89.32.150.160:8080

149.62.173.247:8080

104.131.41.185:8080

82.240.207.95:443

46.28.111.142:7080

93.151.186.85:80

217.13.106.14:8080

111.67.12.221:8080

189.194.58.119:80

192.241.146.84:8080

143.0.87.101:80

177.73.0.98:443

68.183.170.114:8080

212.231.60.98:80

186.250.52.226:8080

73.116.193.136:80

201.213.156.176:80

190.17.195.202:80

104.131.103.37:8080

rsa_pubkey.plain

Targets

- Target
  
  36249f8982a32f8a62c46374ef8c13a1338b6304d059462d203d6b3999e5be17
- Size
  
  332KB
- MD5
  
  32ef1f6a740f94180c08d61410d8bfe2
- SHA1
  
  32d68e273717572c37c338da0b0a9186828ecad7
- SHA256
  
  36249f8982a32f8a62c46374ef8c13a1338b6304d059462d203d6b3999e5be17
- SHA512
  
  310286eb0d3a33e903fb35cc6fb0637b4a8125d4074255ba45011980e712cd2be5b1d5f73cb93413175cda68b84a6dba99708bebe6d022800d54cb74841fadb6
- SSDEEP
  
  6144:y3q5crb5h5lp2ZzBUdONOL4BdXE6264/U0RaePM11tDd7QPvYGEPJKT42+8PQQS:y3acrplp+yONOsC6puE11tDleXEPJw+h
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2