emotet

General

Target

2024-02-27_a0d59f08eed669cbd86e45d69cc09011_icedid
Size

348KB
Sample

240227-p1kahahf2y
MD5

a0d59f08eed669cbd86e45d69cc09011
SHA1

e2c862e0eba43c38b648386e66ff9af9b455bf9a
SHA256

15aed8335f3716432ab3730522e2f5ea5da82568707e4e21ce42a78a27cd734a
SHA512

573c82cd2379c7d90ae20cc1022e43b731e3bc930c1565f5947e997bf4e1359666f9c6fe226c640464784f684c387e6839003b26910a0c31a1bddac880885c8d
SSDEEP

6144:JA+UhzHaeuiv4z9sKXA3ha5M6pZ0Z1kGgOO+Jdr+FsrS3EPfc3mWT9GP:JA+UFaexg5seAEM6pO1bDJditEPUH9

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

202.22.141.45:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

82.76.111.249:443

216.47.196.104:80

192.241.143.52:8080

192.81.38.31:80

87.106.253.248:8080

64.201.88.132:80

192.241.146.84:8080

12.162.84.2:8080

1.226.84.243:8080

177.129.17.170:443

202.134.4.210:7080

70.169.17.134:80

152.169.22.67:80

5.196.35.138:7080

138.97.60.141:7080

203.205.28.68:80

rsa_pubkey.plain

Targets

- Target
  
  2024-02-27_a0d59f08eed669cbd86e45d69cc09011_icedid
- Size
  
  348KB
- MD5
  
  a0d59f08eed669cbd86e45d69cc09011
- SHA1
  
  e2c862e0eba43c38b648386e66ff9af9b455bf9a
- SHA256
  
  15aed8335f3716432ab3730522e2f5ea5da82568707e4e21ce42a78a27cd734a
- SHA512
  
  573c82cd2379c7d90ae20cc1022e43b731e3bc930c1565f5947e997bf4e1359666f9c6fe226c640464784f684c387e6839003b26910a0c31a1bddac880885c8d
- SSDEEP
  
  6144:JA+UhzHaeuiv4z9sKXA3ha5M6pZ0Z1kGgOO+Jdr+FsrS3EPfc3mWT9GP:JA+UFaexg5seAEM6pO1bDJditEPUH9
Score

10^/10

emotet epoch1 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2