emotet

General

Target

0419335ef60185644156c0b94fa9ba01_JaffaCakes118
Size

504KB
Sample

240428-b52tfsdg5y
MD5

0419335ef60185644156c0b94fa9ba01
SHA1

291989647ea6d50f12fe558615c4bced0a243872
SHA256

dec43e5151938c62ee5b3908beccd4bc8040106255978253ca3cec421a917645
SHA512

a6532e3b499ee5d3262a2b46f62de56876d5687aab4c6226047e7716714d872ebd341e3dd9c1a59b679928a974ad23e60b4fe9f8dd12688a4a3d0a1ec85331e7
SSDEEP

6144:PebeJq15KNVIjux9tE9dVyAhwoajYPNo4ahRFPhpxOtYS0xefNPf+R6axxVccVPo:W5KNgux9t0VyAShUPCRdUi8cVRPw17i

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

45.33.54.74:443

209.141.41.136:8080

104.236.246.93:8080

198.199.114.69:8080

152.89.236.214:8080

87.106.136.232:8080

178.210.51.222:8080

115.78.95.230:443

201.251.43.69:8080

200.51.94.251:80

31.172.240.91:8080

182.176.132.213:8090

45.33.49.124:443

181.143.53.227:21

186.4.172.5:443

85.104.59.244:20

5.196.74.210:8080

37.157.194.134:443

190.226.44.20:21

86.98.25.30:53

rsa_pubkey.plain

Targets

- Target
  
  0419335ef60185644156c0b94fa9ba01_JaffaCakes118
- Size
  
  504KB
- MD5
  
  0419335ef60185644156c0b94fa9ba01
- SHA1
  
  291989647ea6d50f12fe558615c4bced0a243872
- SHA256
  
  dec43e5151938c62ee5b3908beccd4bc8040106255978253ca3cec421a917645
- SHA512
  
  a6532e3b499ee5d3262a2b46f62de56876d5687aab4c6226047e7716714d872ebd341e3dd9c1a59b679928a974ad23e60b4fe9f8dd12688a4a3d0a1ec85331e7
- SSDEEP
  
  6144:PebeJq15KNVIjux9tE9dVyAhwoajYPNo4ahRFPhpxOtYS0xefNPf+R6axxVccVPo:W5KNgux9t0VyAShUPCRdUi8cVRPw17i
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2