emotet

General

Target

7652ee20c4fb7131453f9d88264bc10f28f35f7f65d6fca7c2fc57fa049fc175
Size

341KB
Sample

250106-dn56natrbz
MD5

5fd339d25de7fb606cac61643f1ad5ab
SHA1

e5d25cb03e3da91ba3c50f60df5bc8afeffd2b7b
SHA256

7652ee20c4fb7131453f9d88264bc10f28f35f7f65d6fca7c2fc57fa049fc175
SHA512

2cc8cf40b35025db5cc9a9650e4872f365079a16756669a72858e1f4b131b222d2fb2860509ecc13963ad1ec06985765ef8210774d91c1c1bc5ebb1a682df5bb
SSDEEP

6144:VaKGFRDWxCvoqDV8ZGU9Li0VBh0XjYLsLZCj8Hqd0u4LLF:4W1qGZbLV+LC4H11

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

173.68.199.157:80

59.148.253.194:8080

173.212.197.71:8080

98.103.204.12:443

2.45.176.233:80

45.33.77.42:8080

181.58.181.9:80

219.92.13.25:80

12.163.208.58:80

2.85.9.41:8080

172.104.169.32:8080

149.202.72.142:7080

189.223.16.99:80

216.47.196.104:80

191.97.154.2:80

213.197.182.158:8080

94.176.234.118:443

46.105.114.137:8080

177.144.130.105:8080

174.118.202.24:443

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  7652ee20c4fb7131453f9d88264bc10f28f35f7f65d6fca7c2fc57fa049fc175
- Size
  
  341KB
- MD5
  
  5fd339d25de7fb606cac61643f1ad5ab
- SHA1
  
  e5d25cb03e3da91ba3c50f60df5bc8afeffd2b7b
- SHA256
  
  7652ee20c4fb7131453f9d88264bc10f28f35f7f65d6fca7c2fc57fa049fc175
- SHA512
  
  2cc8cf40b35025db5cc9a9650e4872f365079a16756669a72858e1f4b131b222d2fb2860509ecc13963ad1ec06985765ef8210774d91c1c1bc5ebb1a682df5bb
- SSDEEP
  
  6144:VaKGFRDWxCvoqDV8ZGU9Li0VBh0XjYLsLZCj8Hqd0u4LLF:4W1qGZbLV+LC4H11
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.