emotet

General

Target

2025-02-13_90fed2855f0003495ff60d47ddad14a8_icedid
Size

456KB
Sample

250216-cq22caxmex
MD5

90fed2855f0003495ff60d47ddad14a8
SHA1

c5963014a06d55ab68ee393c0fd255fe9244d3b0
SHA256

4e8029a6c642310474a2baf6a1b0f655856ca39c5b944247435c0ee6daf16c8f
SHA512

8290dd62e2c79e5e6d848633fd2cdf73940f27e71e0c4d8e16588d67f82c9f7945f24f1898a27d9e2e04afe2a2319d52497e66b4aa8ac0e2979af450a2238f9a
SSDEEP

12288:sH9tNCsqbIoCyJgllh/krhMQUqKsRR2B9:ytEfbjJglvqyB9

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

24.249.135.121:80

185.94.252.13:443

149.62.173.247:8080

50.28.51.143:8080

80.249.176.206:80

5.196.35.138:7080

190.17.195.202:80

143.0.87.101:80

190.147.137.153:443

181.30.69.50:80

51.255.165.160:8080

190.96.118.251:443

72.47.248.48:7080

178.79.163.131:8080

212.231.60.98:80

187.162.248.237:80

2.47.112.152:80

68.183.190.199:8080

192.241.143.52:8080

77.55.211.77:8080

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  2025-02-13_90fed2855f0003495ff60d47ddad14a8_icedid
- Size
  
  456KB
- MD5
  
  90fed2855f0003495ff60d47ddad14a8
- SHA1
  
  c5963014a06d55ab68ee393c0fd255fe9244d3b0
- SHA256
  
  4e8029a6c642310474a2baf6a1b0f655856ca39c5b944247435c0ee6daf16c8f
- SHA512
  
  8290dd62e2c79e5e6d848633fd2cdf73940f27e71e0c4d8e16588d67f82c9f7945f24f1898a27d9e2e04afe2a2319d52497e66b4aa8ac0e2979af450a2238f9a
- SSDEEP
  
  12288:sH9tNCsqbIoCyJgllh/krhMQUqKsRR2B9:ytEfbjJglvqyB9
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Downloads MZ/PE file
behavioral1 behavioral2