emotet

General

Target

c200b1ffadeb3554a30db0f930676bfe_JaffaCakes118
Size

340KB
Sample

240826-bsbfqsxbjg
MD5

c200b1ffadeb3554a30db0f930676bfe
SHA1

8e5e217bf4475aa299e36aa9599bad79ccdfce1f
SHA256

c9119d0adfdc7748b4e1224895d1c855a7267d0d7981140c4b96e36b80c24b09
SHA512

15cf017d87361e63db19c253121e9b8bd12d166f24280a875b2a493d8944aa0ec6b63b7c0ad38bcdccbc0c3e085c3310000e2854cc4530515932e927dce99a6f
SSDEEP

3072:3vA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:3206xWgGxLxWN40PDKR/JnX2P

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

69.38.130.14:80

195.159.28.230:8080

162.241.204.233:8080

115.21.224.117:80

78.189.148.42:80

181.165.68.127:80

78.188.225.105:80

161.0.153.60:80

89.106.251.163:80

172.125.40.123:80

5.39.91.110:7080

110.145.11.73:80

190.251.200.206:80

144.217.7.207:7080

75.109.111.18:80

75.177.207.146:80

139.59.60.244:8080

70.183.211.3:80

95.213.236.64:8080

61.19.246.238:443

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
3
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
4
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  c200b1ffadeb3554a30db0f930676bfe_JaffaCakes118
- Size
  
  340KB
- MD5
  
  c200b1ffadeb3554a30db0f930676bfe
- SHA1
  
  8e5e217bf4475aa299e36aa9599bad79ccdfce1f
- SHA256
  
  c9119d0adfdc7748b4e1224895d1c855a7267d0d7981140c4b96e36b80c24b09
- SHA512
  
  15cf017d87361e63db19c253121e9b8bd12d166f24280a875b2a493d8944aa0ec6b63b7c0ad38bcdccbc0c3e085c3310000e2854cc4530515932e927dce99a6f
- SSDEEP
  
  3072:3vA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:3206xWgGxLxWN40PDKR/JnX2P
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.