emotet

General

Target

6382e60479cb0ab0cf9fbf6b456d5580_JaffaCakes118
Size

425KB
Sample

240521-q5l6bsgc3w
MD5

6382e60479cb0ab0cf9fbf6b456d5580
SHA1

62fba9c60d2374a9d1d300638795ac0fc8297c98
SHA256

8ac484407e6f7e10e97b5b32f72494cf0099ad3b7a1c2ed6f09b6856a963fd8b
SHA512

09367269f7668f004e0b5ea4d1235a39439d0893c58cf2f6db09ece2fae1c4a04051fe19049c8054a726e58f5876a338ce01216e9dbd84fbe25372f17cf487d9
SSDEEP

6144:6riTApO8CLavbVUGXjDsDaKaIwLnhc/WGLeGFL7h11UOvTmgyyyyyyyyyyyyyyyg:DGXqzacuGfFxUO7mQDi+6Y

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

186.159.246.121:80

201.210.70.8:8080

46.105.131.68:8080

192.163.221.191:8080

124.150.175.133:80

5.189.148.98:8080

95.216.207.86:7080

189.145.6.189:80

212.112.113.235:80

187.143.219.242:8080

189.132.130.111:8080

190.96.118.15:443

190.217.1.149:80

172.104.70.207:8080

42.190.4.92:443

152.170.220.95:80

203.99.188.11:443

216.75.37.196:8080

190.55.39.215:80

185.45.24.254:7080

rsa_pubkey.plain

Targets

- Target
  
  6382e60479cb0ab0cf9fbf6b456d5580_JaffaCakes118
- Size
  
  425KB
- MD5
  
  6382e60479cb0ab0cf9fbf6b456d5580
- SHA1
  
  62fba9c60d2374a9d1d300638795ac0fc8297c98
- SHA256
  
  8ac484407e6f7e10e97b5b32f72494cf0099ad3b7a1c2ed6f09b6856a963fd8b
- SHA512
  
  09367269f7668f004e0b5ea4d1235a39439d0893c58cf2f6db09ece2fae1c4a04051fe19049c8054a726e58f5876a338ce01216e9dbd84fbe25372f17cf487d9
- SSDEEP
  
  6144:6riTApO8CLavbVUGXjDsDaKaIwLnhc/WGLeGFL7h11UOvTmgyyyyyyyyyyyyyyyg:DGXqzacuGfFxUO7mQDi+6Y
Score

10^/10

emotet epoch3 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2