emotet

General

Target

45c4092184d290e23c2dfd45e823bf8a_JaffaCakes118
Size

97KB
Sample

240515-mmnpnade53
MD5

45c4092184d290e23c2dfd45e823bf8a
SHA1

986a219e61c646ba1c40344adab6c65b95bb0258
SHA256

ac5564766899e60fe1b9168fde2479c495d08ee002772d1674ffd90dbd4360f0
SHA512

44d8a874b78810e76d25ae4985f6b0ec9f3e30ec7cef9e892fc3956c0dac459e14f1f9374476272b03bdf46c4c17b8e141f25172a16a12fde1a73a1cec78bfbe
SSDEEP

1536:lEHrMiB/Hf4WsPMzCxVHkMU6pZmaLQmWEw1NGn/heGz2A50Cf9w4j/:mr/sPMOXJUWL/WEcc/hZzH50uTD

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.79.251.99:21

189.245.216.217:143

189.189.214.1:21

62.75.171.248:7080

133.130.73.156:8080

203.150.19.63:443

216.154.222.52:7080

149.202.153.251:8080

5.189.148.98:8080

83.110.75.153:8090

95.178.241.254:465

190.55.39.215:80

70.45.30.28:80

181.230.126.152:8090

83.169.33.157:8080

190.55.86.138:8443

201.113.23.175:443

113.52.135.33:7080

139.59.242.76:8080

190.171.105.158:7080

rsa_pubkey.plain

Targets

- Target
  
  45c4092184d290e23c2dfd45e823bf8a_JaffaCakes118
- Size
  
  97KB
- MD5
  
  45c4092184d290e23c2dfd45e823bf8a
- SHA1
  
  986a219e61c646ba1c40344adab6c65b95bb0258
- SHA256
  
  ac5564766899e60fe1b9168fde2479c495d08ee002772d1674ffd90dbd4360f0
- SHA512
  
  44d8a874b78810e76d25ae4985f6b0ec9f3e30ec7cef9e892fc3956c0dac459e14f1f9374476272b03bdf46c4c17b8e141f25172a16a12fde1a73a1cec78bfbe
- SSDEEP
  
  1536:lEHrMiB/Hf4WsPMzCxVHkMU6pZmaLQmWEw1NGn/heGz2A50Cf9w4j/:mr/sPMOXJUWL/WEcc/hZzH50uTD
Score

10^/10

emotet epoch3 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2