emotet

General

Target

64988626987ead87c1201ea5b6190acb_JaffaCakes118
Size

217KB
Sample

240521-yvb7daha3w
MD5

64988626987ead87c1201ea5b6190acb
SHA1

bf73ac6e6f25f08b23ebd3f9dbd3caa0e69a098b
SHA256

74fd0f4cea9f4a58e00c437103f174849c230f12a8a15eb02f44f2070449fb91
SHA512

216fea83e0c6c44b53eb31c0302bd784f47a2f7b9f2482796789a0844c660fac93076cdf60f5236d4be175c6e19b61e844facd0bdb92e61d524e3c33b73e85e7
SSDEEP

3072:ghwzKIBjNtuBNjTFgEnf2qcmWsnvspn8XldWpz60icVgN8JSJ68UPslHh:qFIpNtuBRj2qMW0olYpz6zugNS8Esn

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

50.116.86.205:8080

209.97.168.52:8080

37.187.2.199:443

149.202.197.94:8080

104.239.175.211:8080

104.131.11.150:8080

144.139.247.220:80

59.103.164.174:80

182.176.132.213:8090

87.230.19.21:8080

149.202.153.252:8080

103.39.131.88:80

107.170.24.125:8080

192.241.255.77:8080

190.145.67.134:8090

186.75.241.230:80

192.241.220.155:8080

178.210.51.222:8080

37.157.194.134:443

31.12.67.62:7080

rsa_pubkey.plain

Targets

- Target
  
  64988626987ead87c1201ea5b6190acb_JaffaCakes118
- Size
  
  217KB
- MD5
  
  64988626987ead87c1201ea5b6190acb
- SHA1
  
  bf73ac6e6f25f08b23ebd3f9dbd3caa0e69a098b
- SHA256
  
  74fd0f4cea9f4a58e00c437103f174849c230f12a8a15eb02f44f2070449fb91
- SHA512
  
  216fea83e0c6c44b53eb31c0302bd784f47a2f7b9f2482796789a0844c660fac93076cdf60f5236d4be175c6e19b61e844facd0bdb92e61d524e3c33b73e85e7
- SSDEEP
  
  3072:ghwzKIBjNtuBNjTFgEnf2qcmWsnvspn8XldWpz60icVgN8JSJ68UPslHh:qFIpNtuBRj2qMW0olYpz6zugNS8Esn
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2