emotet

General

Target

a92664ee568926a08eeb64296c8666809fe625e02c94fb1f3b0f21cfbf0c9cb6.exe
Size

364KB
Sample

250205-krvmnayqdt
MD5

c117bf9076e2adf0c8b46cc4958485ee
SHA1

118fb546c4f0cd1fe93425f1030e6260890918cd
SHA256

a92664ee568926a08eeb64296c8666809fe625e02c94fb1f3b0f21cfbf0c9cb6
SHA512

47e61ca0ca3f29ddafa94c45eb8dd22f0dff6752faf838006ff1305f1806d4d79a1c5d3abbf3af2e4d379c2586d814f13499961ebadcc5402ba140657fdedb48
SSDEEP

6144:Bq7qn/fjMREXGdAEsas1JeaTb+3Lhr1C8J/XO6Mbe:Bq/RjdAKcJHTK7J1CAJ/

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

2.45.176.233:80

98.103.204.12:443

172.86.186.21:8080

192.175.111.214:8080

109.190.249.106:80

177.144.130.105:8080

70.32.84.74:8080

192.81.38.31:80

138.97.60.140:8080

189.223.16.99:80

175.143.12.123:8080

190.115.18.139:8080

170.81.48.2:80

5.196.35.138:7080

172.104.169.32:8080

178.250.54.208:8080

185.94.252.27:443

46.105.114.137:8080

79.118.74.90:80

70.169.17.134:80

rsa_pubkey.plain

Targets

- Target
  
  a92664ee568926a08eeb64296c8666809fe625e02c94fb1f3b0f21cfbf0c9cb6.exe
- Size
  
  364KB
- MD5
  
  c117bf9076e2adf0c8b46cc4958485ee
- SHA1
  
  118fb546c4f0cd1fe93425f1030e6260890918cd
- SHA256
  
  a92664ee568926a08eeb64296c8666809fe625e02c94fb1f3b0f21cfbf0c9cb6
- SHA512
  
  47e61ca0ca3f29ddafa94c45eb8dd22f0dff6752faf838006ff1305f1806d4d79a1c5d3abbf3af2e4d379c2586d814f13499961ebadcc5402ba140657fdedb48
- SSDEEP
  
  6144:Bq7qn/fjMREXGdAEsas1JeaTb+3Lhr1C8J/XO6Mbe:Bq/RjdAKcJHTK7J1CAJ/
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2