emotet

General

Target

7b1c5884fa3ce2ee9e1c4fc234b23a6e_JaffaCakes118
Size

532KB
Sample

240731-d5bclsyenc
MD5

7b1c5884fa3ce2ee9e1c4fc234b23a6e
SHA1

5a3afd7d09b45f2217851a48281184d1063ecb14
SHA256

0b18094011e9488b9060a248f16b3de27f3e7a4f1711692a54ffe2e373f85987
SHA512

4171fbaeb309f7c46431adb016ad456c5ce057474c72a8b4f2a05a2aeab1a0219753e591dab679ccd331d97ab2b0b40417e1db9fdf9302e66e24e6bab3ebc15b
SSDEEP

6144:ZCPy7WF4+2vgvrRlrT4+5XepCbR1AqoWeW/wWYmRPHuid:APQ+2vkrRlPXepCbR1AqDdHui

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

174.106.122.139:80

159.203.116.47:8080

173.249.6.108:443

104.236.246.93:8080

174.45.13.118:80

137.59.187.107:8080

94.200.114.161:80

37.187.72.193:8080

67.10.155.92:80

121.124.124.40:7080

24.43.99.75:80

75.139.38.211:80

109.74.5.95:8080

137.119.36.33:80

74.134.41.124:80

66.65.136.14:80

94.1.108.190:443

181.169.235.7:80

79.137.83.50:443

104.131.44.150:8080

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
3
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
4
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  7b1c5884fa3ce2ee9e1c4fc234b23a6e_JaffaCakes118
- Size
  
  532KB
- MD5
  
  7b1c5884fa3ce2ee9e1c4fc234b23a6e
- SHA1
  
  5a3afd7d09b45f2217851a48281184d1063ecb14
- SHA256
  
  0b18094011e9488b9060a248f16b3de27f3e7a4f1711692a54ffe2e373f85987
- SHA512
  
  4171fbaeb309f7c46431adb016ad456c5ce057474c72a8b4f2a05a2aeab1a0219753e591dab679ccd331d97ab2b0b40417e1db9fdf9302e66e24e6bab3ebc15b
- SSDEEP
  
  6144:ZCPy7WF4+2vgvrRlrT4+5XepCbR1AqoWeW/wWYmRPHuid:APQ+2vkrRlPXepCbR1AqDdHui
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.