emotet

General

Target

29f74bfbe0c5bc42db95f9af7b2e9cf9_JaffaCakes118
Size

667KB
Sample

240509-pmfp6acc56
MD5

29f74bfbe0c5bc42db95f9af7b2e9cf9
SHA1

fabd4cd9ebabfb4ad552025fd673dc7aae2cf12d
SHA256

d0b57d891a4ac49961cf24e99f402f07fe3a47fd6a257a94871d0d313bde289d
SHA512

8087a15feb28002c0c68418dd4b1891f54a0a03de8bdf663b2daceb7dd248e01775d8a70194a0591118e227c7b3d92a7275c239889509b3304d04649463f368c
SSDEEP

12288:76JJG//tnC5VCFSoDpaQlHfl6mCiWDaBMNCQbnG:76J6/tniVNoDgQVN6mCip9QbG

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

202.22.141.45:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

82.76.111.249:443

216.47.196.104:80

192.241.143.52:8080

192.81.38.31:80

87.106.253.248:8080

64.201.88.132:80

192.241.146.84:8080

12.162.84.2:8080

1.226.84.243:8080

177.129.17.170:443

202.134.4.210:7080

70.169.17.134:80

152.169.22.67:80

5.196.35.138:7080

138.97.60.141:7080

203.205.28.68:80

rsa_pubkey.plain

Targets

- Target
  
  29f74bfbe0c5bc42db95f9af7b2e9cf9_JaffaCakes118
- Size
  
  667KB
- MD5
  
  29f74bfbe0c5bc42db95f9af7b2e9cf9
- SHA1
  
  fabd4cd9ebabfb4ad552025fd673dc7aae2cf12d
- SHA256
  
  d0b57d891a4ac49961cf24e99f402f07fe3a47fd6a257a94871d0d313bde289d
- SHA512
  
  8087a15feb28002c0c68418dd4b1891f54a0a03de8bdf663b2daceb7dd248e01775d8a70194a0591118e227c7b3d92a7275c239889509b3304d04649463f368c
- SSDEEP
  
  12288:76JJG//tnC5VCFSoDpaQlHfl6mCiWDaBMNCQbnG:76J6/tniVNoDgQVN6mCip9QbG
Score

10^/10

emotet epoch1 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2