emotet

General

Target

ccfb2c8d1067f344c8641be9a94a5b4f_JaffaCakes118
Size

572KB
Sample

240831-rvq7zaycje
MD5

ccfb2c8d1067f344c8641be9a94a5b4f
SHA1

3ba4446053b3cb0c192d476df06e28ae3f6d6685
SHA256

67e215d00bc82ece78aefacc35df1caa48f235efe82a25d7be9f7d5a265ae7ff
SHA512

c1164eb47bc878e4ade62f01fcc7cd32af3f9b17f6bd08194301b824fccd3a576e33c10aa9ac3490e34255a9b748798c6e1c5f6146ccbef3e28d3adf665b9234
SSDEEP

6144:XLOYXpa/ummNl/C5lXS/U6zJjSOd77yPZ5qxSorTCQ2z07517kBebS9ZuXCxnS9d:X6ummjiX6B+PZC+OLyZZS9rVFnF

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

200.41.121.69:443

153.190.41.185:80

165.100.148.200:443

103.9.145.19:8080

46.105.128.215:8080

172.105.213.30:80

69.30.205.162:7080

172.104.70.207:8080

198.57.217.170:8080

103.122.75.218:80

212.112.113.235:80

113.52.135.33:7080

60.53.3.153:8080

1.32.54.12:8080

142.93.87.198:8080

91.117.31.181:80

45.129.121.222:443

186.215.101.106:80

143.95.101.72:8080

187.233.220.93:443

rsa_pubkey.plain

Targets

- Target
  
  ccfb2c8d1067f344c8641be9a94a5b4f_JaffaCakes118
- Size
  
  572KB
- MD5
  
  ccfb2c8d1067f344c8641be9a94a5b4f
- SHA1
  
  3ba4446053b3cb0c192d476df06e28ae3f6d6685
- SHA256
  
  67e215d00bc82ece78aefacc35df1caa48f235efe82a25d7be9f7d5a265ae7ff
- SHA512
  
  c1164eb47bc878e4ade62f01fcc7cd32af3f9b17f6bd08194301b824fccd3a576e33c10aa9ac3490e34255a9b748798c6e1c5f6146ccbef3e28d3adf665b9234
- SSDEEP
  
  6144:XLOYXpa/ummNl/C5lXS/U6zJjSOd77yPZ5qxSorTCQ2z07517kBebS9ZuXCxnS9d:X6ummjiX6B+PZC+OLyZZS9rVFnF
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2