emotet

General

Target

2b52f4e2e8c59dd57b0e524cc6413453_JaffaCakes118
Size

682KB
Sample

240509-w7garabf69
MD5

2b52f4e2e8c59dd57b0e524cc6413453
SHA1

c36b425f3ac613dfaaca40d8f59f1010d2c932f4
SHA256

ab2ed84882ebd178e1d19f8f2095e022fbf795a7d44411b5632297e17c985703
SHA512

7c2eeab70dd027730f1dea02ffe567a1503d450c8c716cef7b2656dc01e72927c661c88eb344909c19b26f5a23c12670169fde76b2f6a37e635e305bf1acec7e
SSDEEP

12288:CSu+QgGEsmeKVFXIA33nrbDSL3bhHInj3MqhOHoRlfDcmL8jtvxwrygF:l/QQsmeKVFXIA33n3WL3bhH43+SZN8j1

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

181.198.203.45:443

70.45.30.28:80

211.110.229.161:443

193.34.144.138:8080

74.208.173.91:8080

154.120.227.206:8080

124.150.175.133:80

192.163.221.191:8080

95.216.207.86:7080

142.93.87.198:8080

216.75.37.196:8080

181.47.235.26:993

198.57.217.170:8080

176.58.93.123:80

94.177.253.126:80

83.169.33.157:8080

186.18.224.149:80

157.7.164.178:8081

192.241.220.183:8080

216.70.88.55:8080

rsa_pubkey.plain

Targets

- Target
  
  2b52f4e2e8c59dd57b0e524cc6413453_JaffaCakes118
- Size
  
  682KB
- MD5
  
  2b52f4e2e8c59dd57b0e524cc6413453
- SHA1
  
  c36b425f3ac613dfaaca40d8f59f1010d2c932f4
- SHA256
  
  ab2ed84882ebd178e1d19f8f2095e022fbf795a7d44411b5632297e17c985703
- SHA512
  
  7c2eeab70dd027730f1dea02ffe567a1503d450c8c716cef7b2656dc01e72927c661c88eb344909c19b26f5a23c12670169fde76b2f6a37e635e305bf1acec7e
- SSDEEP
  
  12288:CSu+QgGEsmeKVFXIA33nrbDSL3bhHInj3MqhOHoRlfDcmL8jtvxwrygF:l/QQsmeKVFXIA33n3WL3bhH43+SZN8j1
Score

10^/10

emotet epoch3 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2