emotet

General

Target

3f7661618766982e60574880cd8942451c297d589bc90fe60362cfb82fd0e36aN.exe
Size

60KB
Sample

241122-lrdjtatrhq
MD5

3906663dd0be62fb07ba01fdf743a920
SHA1

f96c8c55ea92db5ae44ae24c107e893f6eebe357
SHA256

3f7661618766982e60574880cd8942451c297d589bc90fe60362cfb82fd0e36a
SHA512

3f6bf8415a1c79a6caca5c81717fde4685206cc90a115e2ec0d785801f7bc1a662465e7b14cc18672394a9104527e9432c9338c1a9dc46e49621da6fac2c504d
SSDEEP

1536:t0LOjAkxrCsdJL6jYFO2sZgKW+Vf2r4C:vjAnsdF6jAO2xp+VVC

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

107.185.211.16:80

96.8.113.4:8080

153.126.210.205:7080

47.146.117.214:80

104.131.44.150:8080

169.239.182.217:8080

95.179.229.244:8080

209.182.216.177:443

209.141.54.221:8080

5.196.74.210:8080

72.12.127.184:443

104.131.11.150:443

200.55.243.138:8080

116.203.32.252:8080

142.105.151.124:443

81.2.235.111:8080

74.120.55.163:80

167.86.90.214:8080

87.106.139.101:8080

37.139.21.175:8080

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
3
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
4
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  3f7661618766982e60574880cd8942451c297d589bc90fe60362cfb82fd0e36aN.exe
- Size
  
  60KB
- MD5
  
  3906663dd0be62fb07ba01fdf743a920
- SHA1
  
  f96c8c55ea92db5ae44ae24c107e893f6eebe357
- SHA256
  
  3f7661618766982e60574880cd8942451c297d589bc90fe60362cfb82fd0e36a
- SHA512
  
  3f6bf8415a1c79a6caca5c81717fde4685206cc90a115e2ec0d785801f7bc1a662465e7b14cc18672394a9104527e9432c9338c1a9dc46e49621da6fac2c504d
- SSDEEP
  
  1536:t0LOjAkxrCsdJL6jYFO2sZgKW+Vf2r4C:vjAnsdF6jAO2xp+VVC
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.