emotet

General

Target

d0d229a6b6dff939f99669783373896f_JaffaCakes118
Size

261KB
Sample

240907-b5jymsygnd
MD5

d0d229a6b6dff939f99669783373896f
SHA1

062d39e37b1148b464501f5d9c0bf625572d1279
SHA256

6b974f00d18b49dc78f273b7afe5b684d0bc25ae838e45f241c59f2e07ed18cf
SHA512

ef5ce25413dda1f11e06be96aadeed73d5754c10796b09cc3f75e07bee8bcf6c3fdbea5b6a0cbed30db3a4384ad46349bcd1caed96e870dd120fe7f29028a713
SSDEEP

6144:OY7gqyCThRpY+c2Db6c1c7+iKAIZrp5qTXE3ga5lY:OaV08Db1W+80p5qzEg2Y

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

94.205.247.10:80

86.22.221.170:80

85.25.255.207:8080

185.94.252.13:443

94.177.216.217:8080

186.4.172.5:20

198.199.114.69:8080

45.33.49.124:443

200.71.148.138:8080

24.45.195.162:7080

136.243.177.26:8080

95.128.43.213:8080

182.176.132.213:8090

190.228.72.244:53

152.89.236.214:8080

27.4.80.183:443

78.24.219.147:8080

62.75.187.192:8080

67.225.229.55:8080

83.136.245.190:8080

rsa_pubkey.plain

Targets

- Target
  
  d0d229a6b6dff939f99669783373896f_JaffaCakes118
- Size
  
  261KB
- MD5
  
  d0d229a6b6dff939f99669783373896f
- SHA1
  
  062d39e37b1148b464501f5d9c0bf625572d1279
- SHA256
  
  6b974f00d18b49dc78f273b7afe5b684d0bc25ae838e45f241c59f2e07ed18cf
- SHA512
  
  ef5ce25413dda1f11e06be96aadeed73d5754c10796b09cc3f75e07bee8bcf6c3fdbea5b6a0cbed30db3a4384ad46349bcd1caed96e870dd120fe7f29028a713
- SSDEEP
  
  6144:OY7gqyCThRpY+c2Db6c1c7+iKAIZrp5qTXE3ga5lY:OaV08Db1W+80p5qzEg2Y
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2