emotet

General

Target

a5e9fcdb7216cbe76a486398891e788523745c1c41a199c7eece360bdfde8053
Size

970KB
Sample

241121-atg48sxdrl
MD5

0332c60f7e4ffcd5c96e558eae99e531
SHA1

4c91ad35d4e998fb32240e4b7708865c9043a230
SHA256

a5e9fcdb7216cbe76a486398891e788523745c1c41a199c7eece360bdfde8053
SHA512

a4cc92fdc7580af1e5e3d83ab2e0f24870dfe692ab1c2b2531589c7c828b295e0f298c97ea43995c939eee5d906c95e08ff255d74778d790372771ef807f49f2
SSDEEP

12288:Wdq2982XqwpszV8ski5NeT0sjVZWtYz2QghDmvQhmHo9LWlNsOY8Uu0:WQ291fLski5N6ZWyz2QglbmHo9LGpa

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

187.64.128.197:80

198.57.203.63:8080

163.172.107.70:8080

212.112.113.235:80

157.7.164.178:8081

181.167.35.84:80

212.156.133.218:80

185.142.236.163:443

181.143.101.19:8080

75.127.14.170:8080

115.165.3.213:80

190.55.233.156:80

139.59.12.63:8080

144.139.91.187:80

37.70.131.107:80

181.113.229.139:443

41.185.29.128:8080

177.37.81.212:443

5.79.70.250:8080

78.188.170.128:80

rsa_pubkey.plain

Targets

- Target
  
  a5e9fcdb7216cbe76a486398891e788523745c1c41a199c7eece360bdfde8053
- Size
  
  970KB
- MD5
  
  0332c60f7e4ffcd5c96e558eae99e531
- SHA1
  
  4c91ad35d4e998fb32240e4b7708865c9043a230
- SHA256
  
  a5e9fcdb7216cbe76a486398891e788523745c1c41a199c7eece360bdfde8053
- SHA512
  
  a4cc92fdc7580af1e5e3d83ab2e0f24870dfe692ab1c2b2531589c7c828b295e0f298c97ea43995c939eee5d906c95e08ff255d74778d790372771ef807f49f2
- SSDEEP
  
  12288:Wdq2982XqwpszV8ski5NeT0sjVZWtYz2QghDmvQhmHo9LWlNsOY8Uu0:WQ291fLski5N6ZWyz2QglbmHo9LGpa
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2