emotet

General

Target

494cb9e550e3850c129754292c69267d70833314a32a0041955a86b81732e425N.exe
Size

60KB
Sample

241126-qcldbssmct
MD5

c4c5814b341c0e59a9804702d0b7c430
SHA1

e9d181be9078268e08d4d17bd57cbe582f5622ef
SHA256

494cb9e550e3850c129754292c69267d70833314a32a0041955a86b81732e425
SHA512

1657c5a10b6f233e006fcc28ba4b35d64af2dc2a8d4c9d62dd91c439aa3312ade61346c0a7bd3dba0c721e95eb0bbc08a7d7417cf788a9015c64707ef5a62bad
SSDEEP

768:LiEgbXnp5TK0LR8n4oWPj7M3EE5U6CNedJL6jk9CJExFO2smXKZ6KW+DZXWQ2WmW:t0LOjA6PCsdJL6jYFO2sZgKW+Vf2r4C

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

107.185.211.16:80

96.8.113.4:8080

153.126.210.205:7080

47.146.117.214:80

104.131.44.150:8080

169.239.182.217:8080

95.179.229.244:8080

209.182.216.177:443

209.141.54.221:8080

5.196.74.210:8080

72.12.127.184:443

104.131.11.150:443

200.55.243.138:8080

116.203.32.252:8080

142.105.151.124:443

81.2.235.111:8080

74.120.55.163:80

167.86.90.214:8080

87.106.139.101:8080

37.139.21.175:8080

rsa_pubkey.plain

Targets

- Target
  
  494cb9e550e3850c129754292c69267d70833314a32a0041955a86b81732e425N.exe
- Size
  
  60KB
- MD5
  
  c4c5814b341c0e59a9804702d0b7c430
- SHA1
  
  e9d181be9078268e08d4d17bd57cbe582f5622ef
- SHA256
  
  494cb9e550e3850c129754292c69267d70833314a32a0041955a86b81732e425
- SHA512
  
  1657c5a10b6f233e006fcc28ba4b35d64af2dc2a8d4c9d62dd91c439aa3312ade61346c0a7bd3dba0c721e95eb0bbc08a7d7417cf788a9015c64707ef5a62bad
- SSDEEP
  
  768:LiEgbXnp5TK0LR8n4oWPj7M3EE5U6CNedJL6jk9CJExFO2smXKZ6KW+DZXWQ2WmW:t0LOjA6PCsdJL6jYFO2sZgKW+Vf2r4C
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2