emotet

General

Target

a562fe3ee673f1d1d459f4988318b891_JaffaCakes118
Size

332KB
Sample

240818-e4qxcavhnd
MD5

a562fe3ee673f1d1d459f4988318b891
SHA1

2c70ab1245b36b9d9efd152eda86be67acbb1f08
SHA256

54a38279e0c1b0412d5d73a4e2deebb87f6a9c65a129b3346aecd563920aa5c4
SHA512

94be900603cdcf9e3241ab632d2cabde7d458d121445a52eb0a80145cc21adb8e53a67efd766d3835c503dfb7b14f81f735ba2b5eac6879c2828d7a862e8b39e
SSDEEP

6144:K6j9Z3DjSoRfAmBp8WOB5Nc4F6csEgFplmRS3eC4dexbXzQ:x9ZzjS+ozHB564F6csE4fmRS3xzQ

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

67.225.179.64:8080

192.241.220.155:8080

167.99.105.223:7080

176.31.200.130:8080

149.202.153.252:8080

5.196.74.210:8080

173.249.47.77:8080

192.81.213.192:8080

186.4.172.5:8080

159.65.25.128:8080

212.71.234.16:8080

181.143.53.227:21

186.4.172.5:443

46.105.131.87:80

181.143.194.138:443

94.205.247.10:80

190.145.67.134:8090

178.79.161.166:443

59.103.164.174:80

104.131.44.150:8080

rsa_pubkey.plain

Targets

- Target
  
  a562fe3ee673f1d1d459f4988318b891_JaffaCakes118
- Size
  
  332KB
- MD5
  
  a562fe3ee673f1d1d459f4988318b891
- SHA1
  
  2c70ab1245b36b9d9efd152eda86be67acbb1f08
- SHA256
  
  54a38279e0c1b0412d5d73a4e2deebb87f6a9c65a129b3346aecd563920aa5c4
- SHA512
  
  94be900603cdcf9e3241ab632d2cabde7d458d121445a52eb0a80145cc21adb8e53a67efd766d3835c503dfb7b14f81f735ba2b5eac6879c2828d7a862e8b39e
- SSDEEP
  
  6144:K6j9Z3DjSoRfAmBp8WOB5Nc4F6csEgFplmRS3eC4dexbXzQ:x9ZzjS+ozHB564F6csE4fmRS3xzQ
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2