emotet

General

Target

2024-03-20_1091c1c1fdbd45cb3427954a5e4c1337_icedid
Size

192KB
Sample

240320-y6mggsbb3v
MD5

1091c1c1fdbd45cb3427954a5e4c1337
SHA1

98e9dd8a1b3d0fd29199955e817af544104b5ce9
SHA256

087964775dc3c44a4e732a5ccad079ed230c444f567a4cf7c5564bc31875fc98
SHA512

5447c99f8015b4d4f26bb9c51903bdbf3dacc6b019d8e28630eadbbfd912b017d5a09722e427f39983d6b94d1d0afce182f4e05bbd6c80a5ac2b35bb9d4b9d2e
SSDEEP

3072:dRZLLKF311qOaUlc7XBGbuQickfJ4/sWjk3lGz5JuRQ6FSpuAHkruD:/C13aU2LYCVD4//D5J6FSp30

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

195.76.232.114:80

82.223.70.24:8080

45.33.49.124:443

136.243.205.112:7080

110.145.77.103:80

74.208.45.104:8080

24.94.237.248:80

186.208.123.210:443

67.235.68.222:80

209.151.248.242:8080

200.41.121.90:80

5.196.74.210:8080

201.173.217.124:443

185.155.20.82:80

139.130.242.43:80

114.145.241.208:80

168.235.67.138:7080

162.241.92.219:8080

98.156.206.153:80

101.187.97.173:80

rsa_pubkey.plain

Targets

- Target
  
  2024-03-20_1091c1c1fdbd45cb3427954a5e4c1337_icedid
- Size
  
  192KB
- MD5
  
  1091c1c1fdbd45cb3427954a5e4c1337
- SHA1
  
  98e9dd8a1b3d0fd29199955e817af544104b5ce9
- SHA256
  
  087964775dc3c44a4e732a5ccad079ed230c444f567a4cf7c5564bc31875fc98
- SHA512
  
  5447c99f8015b4d4f26bb9c51903bdbf3dacc6b019d8e28630eadbbfd912b017d5a09722e427f39983d6b94d1d0afce182f4e05bbd6c80a5ac2b35bb9d4b9d2e
- SSDEEP
  
  3072:dRZLLKF311qOaUlc7XBGbuQickfJ4/sWjk3lGz5JuRQ6FSpuAHkruD:/C13aU2LYCVD4//D5J6FSp30
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2