emotet

General

Target

2024-05-18_3106bf80b20bd0c085bd2f075201ad8d_icedid
Size

548KB
Sample

240518-nyyjnsaa87
MD5

3106bf80b20bd0c085bd2f075201ad8d
SHA1

cdd99f43028704a2afd21dc0a43e386ba80acd7b
SHA256

7a8d00cfb1d9376998fdd56ab9d3687a541dca22d5c710934e13a4f27686d03f
SHA512

1366cd1cb225062efed0b1dc1f8d3dfbff320fc655e65f8dd5507f3aa8fcfad4838daf9cf3b8db4c08180fc3438a3787ea27b72b2dab5f4e6129f1f7568e4f07
SSDEEP

12288:OBXvFAL64LpLuW8HdZM3Qhty27Un1D+XSDwhC3:OJvFH4Lhu9ZMgTX7UxQSDx3

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

41.169.20.147:443

61.37.31.243:80

104.236.28.47:8080

46.105.131.87:80

92.222.216.44:8080

88.249.120.205:80

75.133.26.185:80

200.21.90.5:443

190.55.181.54:443

60.231.217.199:8080

50.35.17.13:80

182.71.222.187:80

45.33.49.124:443

139.130.242.43:80

103.86.49.11:8080

181.56.163.152:80

185.144.138.187:80

180.92.239.110:8080

190.143.39.231:80

120.151.135.224:80

rsa_pubkey.plain

Targets

- Target
  
  2024-05-18_3106bf80b20bd0c085bd2f075201ad8d_icedid
- Size
  
  548KB
- MD5
  
  3106bf80b20bd0c085bd2f075201ad8d
- SHA1
  
  cdd99f43028704a2afd21dc0a43e386ba80acd7b
- SHA256
  
  7a8d00cfb1d9376998fdd56ab9d3687a541dca22d5c710934e13a4f27686d03f
- SHA512
  
  1366cd1cb225062efed0b1dc1f8d3dfbff320fc655e65f8dd5507f3aa8fcfad4838daf9cf3b8db4c08180fc3438a3787ea27b72b2dab5f4e6129f1f7568e4f07
- SSDEEP
  
  12288:OBXvFAL64LpLuW8HdZM3Qhty27Un1D+XSDwhC3:OJvFH4Lhu9ZMgTX7UxQSDx3
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2