emotet

General

Target

918911a63d1eb811bff602ed043e47f8b9eb59320b535c58da315b281db7d149.exe
Size

852KB
Sample

241124-ymjw9asmcr
MD5

01e2afb71c4cc1b6493af6a4c08d5db9
SHA1

9972e5406edb9f721bd1de3ffa6e7b17d629ef83
SHA256

918911a63d1eb811bff602ed043e47f8b9eb59320b535c58da315b281db7d149
SHA512

f4fa564d3cdbaf21c84a217965999bebe12411948e0044cc2fb4e60255bb7dc1dc9e1fb25c1e2eed90a7ba679774f25ea1846398b6f4fa2b3b1aeff2e7365555
SSDEEP

12288:op63KfH3sS7wyEkf2vy/x2IuOR/qBdDDm+0JSmS0:ol3sswyEklp2yRyBdm3

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

82.76.111.249:443

116.125.120.88:443

217.160.182.191:8080

189.1.185.98:8080

189.194.58.119:80

213.181.91.224:80

219.92.13.25:80

190.6.193.152:8080

61.92.159.208:8080

209.236.123.42:8080

12.162.84.2:8080

190.147.137.153:443

104.131.103.37:8080

212.231.60.98:80

202.62.39.111:80

82.240.207.95:443

170.81.48.2:80

177.74.228.34:80

82.196.15.205:8080

114.109.179.60:80

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  918911a63d1eb811bff602ed043e47f8b9eb59320b535c58da315b281db7d149.exe
- Size
  
  852KB
- MD5
  
  01e2afb71c4cc1b6493af6a4c08d5db9
- SHA1
  
  9972e5406edb9f721bd1de3ffa6e7b17d629ef83
- SHA256
  
  918911a63d1eb811bff602ed043e47f8b9eb59320b535c58da315b281db7d149
- SHA512
  
  f4fa564d3cdbaf21c84a217965999bebe12411948e0044cc2fb4e60255bb7dc1dc9e1fb25c1e2eed90a7ba679774f25ea1846398b6f4fa2b3b1aeff2e7365555
- SSDEEP
  
  12288:op63KfH3sS7wyEkf2vy/x2IuOR/qBdDDm+0JSmS0:ol3sswyEklp2yRyBdm3
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.