emotet

General

Target

4473e1406415a70312e54713b3ee5461_JaffaCakes118
Size

456KB
Sample

240515-ejg4psgb31
MD5

4473e1406415a70312e54713b3ee5461
SHA1

187d38f6674c38a4c968fc3ea25ccce89f111f59
SHA256

003f19a4d9c1af6c87b437385d5274bb39fc4499264dbde7dcf76f5db1f351fa
SHA512

3c0846414ab9d89a1d8328ce4f0275c717007234f42a446ce7c181791ed86d48d435c502a72086154967f7cf32fec1b9e7288ed8e515abe103a1febf7a233745
SSDEEP

12288:+WltbWzANyY0ScqrA1lJW5FvigtlTRCH2l:nbyY0hqrA1lyTRCH2l

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

75.80.124.4:80

134.209.36.254:8080

104.156.59.7:8080

120.138.30.150:8080

107.5.122.110:80

195.251.213.56:80

91.211.88.52:7080

79.98.24.39:8080

75.139.38.211:80

82.225.49.121:80

162.241.242.173:8080

94.1.108.190:443

85.105.205.77:8080

181.169.34.190:80

24.179.13.119:80

139.59.67.118:443

82.80.155.43:80

50.91.114.38:80

93.147.212.206:80

153.232.188.106:80

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
3
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
4
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  4473e1406415a70312e54713b3ee5461_JaffaCakes118
- Size
  
  456KB
- MD5
  
  4473e1406415a70312e54713b3ee5461
- SHA1
  
  187d38f6674c38a4c968fc3ea25ccce89f111f59
- SHA256
  
  003f19a4d9c1af6c87b437385d5274bb39fc4499264dbde7dcf76f5db1f351fa
- SHA512
  
  3c0846414ab9d89a1d8328ce4f0275c717007234f42a446ce7c181791ed86d48d435c502a72086154967f7cf32fec1b9e7288ed8e515abe103a1febf7a233745
- SSDEEP
  
  12288:+WltbWzANyY0ScqrA1lJW5FvigtlTRCH2l:nbyY0hqrA1lyTRCH2l
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

We care about your privacy.