emotet

General

Target

ad47ab2a747ea46697cc6ae58cc69b22_icedid_JC.exe
Size

476KB
Sample

230827-sq1fhsag75
MD5

ad47ab2a747ea46697cc6ae58cc69b22
SHA1

94bff30727be4cd92bf479b936dfa0b1309993a3
SHA256

fcc358148d7829d44b1ff8902201d7abde6d90785b02a6c05429e0486a2af1bd
SHA512

9d07bffc64564e7ef63646d5e2659230f1839bd581e560b800f75b8e5e796bbe00148408c110d11b15e776404ad0b197f0d544369e61459e99cb93e79c98f9f1
SSDEEP

12288:etcirH5cDRjVuC23qDBLcmacsitPbD5bZ4zc:QkuC23qD5vft

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

188.157.101.114:80

192.175.111.214:8080

95.85.33.23:8080

192.232.229.54:7080

181.30.61.163:443

186.70.127.199:8090

200.127.14.97:80

70.169.17.134:80

24.232.228.233:80

172.104.169.32:8080

50.28.51.143:8080

177.73.0.98:443

149.202.72.142:7080

37.187.161.206:8080

202.29.239.162:443

213.197.182.158:8080

202.134.4.210:7080

190.24.243.186:80

201.213.177.139:80

105.209.235.113:8080

rsa_pubkey.plain

Targets

- Target
  
  ad47ab2a747ea46697cc6ae58cc69b22_icedid_JC.exe
- Size
  
  476KB
- MD5
  
  ad47ab2a747ea46697cc6ae58cc69b22
- SHA1
  
  94bff30727be4cd92bf479b936dfa0b1309993a3
- SHA256
  
  fcc358148d7829d44b1ff8902201d7abde6d90785b02a6c05429e0486a2af1bd
- SHA512
  
  9d07bffc64564e7ef63646d5e2659230f1839bd581e560b800f75b8e5e796bbe00148408c110d11b15e776404ad0b197f0d544369e61459e99cb93e79c98f9f1
- SSDEEP
  
  12288:etcirH5cDRjVuC23qDBLcmacsitPbD5bZ4zc:QkuC23qD5vft
Score

10^/10

emotet epoch1 banker dave trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Dave packer

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2