emotet

General

Target

4ad916930897e17e8615e204755b6364_icedid_JC.exe
Size

544KB
Sample

230803-tg2gwsfd2w
MD5

4ad916930897e17e8615e204755b6364
SHA1

efb28c2e27bc394ac9eb1fcba274e8a555226699
SHA256

a9770aa368e97fe2c63f2c7b6a4f4e2bc15dddc6d827f470f0932b80571201c6
SHA512

813dd252651247d154d852c588b0c89f22d8a9fd0921a605c5f462975eb413d3f8bbe4ef81ca6a77b6b810c3f6c2f13c4415f76b1bd46c65d5761cc95cacad45
SSDEEP

12288:NWU9176LQVZE+RjyHBLcmacsitPbD5bZ4zc:N/qQzE+ROH5vft

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

47.36.140.164:80

169.50.76.149:8080

162.241.140.129:8080

104.131.123.136:443

95.213.236.64:8080

130.0.132.242:80

123.176.25.234:80

46.105.131.79:8080

157.245.99.39:8080

79.98.24.39:8080

49.50.209.131:80

72.143.73.234:443

50.91.114.38:80

89.216.122.92:80

5.39.91.110:7080

121.124.124.40:7080

71.72.196.159:80

5.196.74.210:8080

139.162.108.71:8080

61.19.246.238:443

rsa_pubkey.plain

Targets

- Target
  
  4ad916930897e17e8615e204755b6364_icedid_JC.exe
- Size
  
  544KB
- MD5
  
  4ad916930897e17e8615e204755b6364
- SHA1
  
  efb28c2e27bc394ac9eb1fcba274e8a555226699
- SHA256
  
  a9770aa368e97fe2c63f2c7b6a4f4e2bc15dddc6d827f470f0932b80571201c6
- SHA512
  
  813dd252651247d154d852c588b0c89f22d8a9fd0921a605c5f462975eb413d3f8bbe4ef81ca6a77b6b810c3f6c2f13c4415f76b1bd46c65d5761cc95cacad45
- SSDEEP
  
  12288:NWU9176LQVZE+RjyHBLcmacsitPbD5bZ4zc:N/qQzE+ROH5vft
Score

10^/10

emotet epoch2 banker dave trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Dave packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2