emotet

General

Target

c6ee4042ff5019dd824e0e2b3f0e0eef_JaffaCakes118
Size

614KB
Sample

240828-ql155szcje
MD5

c6ee4042ff5019dd824e0e2b3f0e0eef
SHA1

46a4f9e6aab1edd5a5402d4d88b9cb79bcb4c4e7
SHA256

f3c2791dd6888f86e8caca340c91c57917fb7e098b9c3a0d5d507642e033bf98
SHA512

f57034d8b021c38f4f48a8f0f7b79e023604b8a0f1a017cf6d119b08d7e29c7f8d2a42b63cc180fb39c1e95d8afadfa1c63b1c9dab211baf1be020d20b17f4a2
SSDEEP

12288:SYzchQVZnkmt/70MWugxPJZFpf0c1pHnbdJrs2xnd:d4KV5Hpt8bZHLRCA

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

69.38.130.14:80

195.159.28.230:8080

162.241.204.233:8080

181.165.68.127:80

49.205.182.134:80

190.251.200.206:80

139.59.60.244:8080

119.59.116.21:8080

89.216.122.92:80

185.94.252.104:443

70.92.118.112:80

78.24.219.147:8080

173.70.61.180:80

87.106.139.101:8080

66.57.108.14:443

24.179.13.119:80

121.124.124.40:7080

61.19.246.238:443

200.116.145.225:443

93.146.48.84:80

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
3
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
4
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  c6ee4042ff5019dd824e0e2b3f0e0eef_JaffaCakes118
- Size
  
  614KB
- MD5
  
  c6ee4042ff5019dd824e0e2b3f0e0eef
- SHA1
  
  46a4f9e6aab1edd5a5402d4d88b9cb79bcb4c4e7
- SHA256
  
  f3c2791dd6888f86e8caca340c91c57917fb7e098b9c3a0d5d507642e033bf98
- SHA512
  
  f57034d8b021c38f4f48a8f0f7b79e023604b8a0f1a017cf6d119b08d7e29c7f8d2a42b63cc180fb39c1e95d8afadfa1c63b1c9dab211baf1be020d20b17f4a2
- SSDEEP
  
  12288:SYzchQVZnkmt/70MWugxPJZFpf0c1pHnbdJrs2xnd:d4KV5Hpt8bZHLRCA
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.