emotet

General

Target

00138b28acce45e22229b18b6c454759_JaffaCakes118
Size

194KB
Sample

240425-zx7xhaeh3v
MD5

00138b28acce45e22229b18b6c454759
SHA1

f7e363666b9a4e4d38247d42624912f26ccfb280
SHA256

f7a3509282e8d7d77ddb11c9ebb3db27c3f60d4cdc76d302acacc3da3ff34357
SHA512

c970228504368bcb194cc764e28988eacd33be22690912176952fe5291b6b60d862eb18a472315ccf57d1621f257b04e48ad5c541cbf288588ea72d8960b0997
SSDEEP

3072:3ceqyCzbbaX1qFQczRf60aKx117RCPOA5eciASG/EbJnHQiM1tl5es:Vqs1q2cz807xr7AmNZAd/GnH3itF

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

50.116.86.205:8080

209.97.168.52:8080

37.187.2.199:443

149.202.197.94:8080

104.239.175.211:8080

104.131.11.150:8080

144.139.247.220:80

59.103.164.174:80

182.176.132.213:8090

87.230.19.21:8080

149.202.153.252:8080

103.39.131.88:80

107.170.24.125:8080

192.241.255.77:8080

190.145.67.134:8090

186.75.241.230:80

192.241.220.155:8080

178.210.51.222:8080

37.157.194.134:443

31.12.67.62:7080

rsa_pubkey.plain

Targets

- Target
  
  00138b28acce45e22229b18b6c454759_JaffaCakes118
- Size
  
  194KB
- MD5
  
  00138b28acce45e22229b18b6c454759
- SHA1
  
  f7e363666b9a4e4d38247d42624912f26ccfb280
- SHA256
  
  f7a3509282e8d7d77ddb11c9ebb3db27c3f60d4cdc76d302acacc3da3ff34357
- SHA512
  
  c970228504368bcb194cc764e28988eacd33be22690912176952fe5291b6b60d862eb18a472315ccf57d1621f257b04e48ad5c541cbf288588ea72d8960b0997
- SSDEEP
  
  3072:3ceqyCzbbaX1qFQczRf60aKx117RCPOA5eciASG/EbJnHQiM1tl5es:Vqs1q2cz807xr7AmNZAd/GnH3itF
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2