emotet

General

Target

d2f3646aebadc53b23ab8e51de709500_JaffaCakes118
Size

225KB
Sample

240907-1885daycmk
MD5

d2f3646aebadc53b23ab8e51de709500
SHA1

979f8d559cb10581fb9f6c6cd3359f782cbe34a1
SHA256

129b18021507b44508f64ed547562936ffd6bb54bf984902d4df9d9532f1e2b1
SHA512

1784bad863354ee5b3f1da9108de300c7976a4621e9e709d512d540acda0fb054070084fa291bcb76947dfe495cfd9e074419c3c7118110f265c1fccde1679a5
SSDEEP

3072:If1BDZ0kVB67Duw9AMc21CxDistRJKvbSrNo5kIMvdE01Q0XMTzT7m8ebupgI:I9X0GBDie24IMlE0rQHFebupJ

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

71.72.196.159:80

134.209.36.254:8080

120.138.30.150:8080

94.23.216.33:80

157.245.99.39:8080

137.59.187.107:8080

94.23.237.171:443

61.19.246.238:443

156.155.166.221:80

50.35.17.13:80

153.137.36.142:80

91.211.88.52:7080

209.141.54.221:8080

185.94.252.104:443

174.45.13.118:80

87.106.136.232:8080

62.75.141.82:80

213.196.135.145:80

188.219.31.12:80

82.80.155.43:80

rsa_pubkey.plain

Targets

- Target
  
  d2f3646aebadc53b23ab8e51de709500_JaffaCakes118
- Size
  
  225KB
- MD5
  
  d2f3646aebadc53b23ab8e51de709500
- SHA1
  
  979f8d559cb10581fb9f6c6cd3359f782cbe34a1
- SHA256
  
  129b18021507b44508f64ed547562936ffd6bb54bf984902d4df9d9532f1e2b1
- SHA512
  
  1784bad863354ee5b3f1da9108de300c7976a4621e9e709d512d540acda0fb054070084fa291bcb76947dfe495cfd9e074419c3c7118110f265c1fccde1679a5
- SSDEEP
  
  3072:If1BDZ0kVB67Duw9AMc21CxDistRJKvbSrNo5kIMvdE01Q0XMTzT7m8ebupgI:I9X0GBDie24IMlE0rQHFebupJ
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4