emotet

General

Target

c4a8d7d62543eb9c6d2f8cfdc4165652_JaffaCakes118
Size

156KB
Sample

240827-klmd4asbqf
MD5

c4a8d7d62543eb9c6d2f8cfdc4165652
SHA1

cbe338977295abb5a49c78f9a206a5a52afa21e5
SHA256

39183c9be2cbecdb8c1f9c14566403af7536faf5b0c9004e8c7afaabd8cab6ec
SHA512

1a4df78c5a810d1928a6088403f5010e90083b56fa4cd4ca415b8d4fb5f5b89e9580683ae7cadb621716a323668a4629c75633db6636bb5cec7ffc73c334b919
SSDEEP

1536:qXGNxEKJx6qdlaPLA1tjUb6vfEwDfJ8rWR0hoZjeZtaNT6hSegcAe6frjq8jIEg/:uGnEKJx6q6zUqOr5Z4aNipDj6f/qn

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

47.146.32.175:80

212.51.142.238:8080

200.55.243.138:8080

114.146.222.200:80

153.126.210.205:7080

121.124.124.40:7080

222.214.218.37:4143

67.241.24.163:8080

180.92.239.110:8080

203.153.216.189:7080

119.198.40.179:80

70.167.215.250:8080

168.235.67.138:7080

190.55.181.54:443

139.59.60.244:8080

189.212.199.126:443

78.24.219.147:8080

61.19.246.238:443

137.59.187.107:8080

87.106.139.101:8080

rsa_pubkey.plain

Targets

- Target
  
  c4a8d7d62543eb9c6d2f8cfdc4165652_JaffaCakes118
- Size
  
  156KB
- MD5
  
  c4a8d7d62543eb9c6d2f8cfdc4165652
- SHA1
  
  cbe338977295abb5a49c78f9a206a5a52afa21e5
- SHA256
  
  39183c9be2cbecdb8c1f9c14566403af7536faf5b0c9004e8c7afaabd8cab6ec
- SHA512
  
  1a4df78c5a810d1928a6088403f5010e90083b56fa4cd4ca415b8d4fb5f5b89e9580683ae7cadb621716a323668a4629c75633db6636bb5cec7ffc73c334b919
- SSDEEP
  
  1536:qXGNxEKJx6qdlaPLA1tjUb6vfEwDfJ8rWR0hoZjeZtaNT6hSegcAe6frjq8jIEg/:uGnEKJx6q6zUqOr5Z4aNipDj6f/qn
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2