Overview

overview

10

Static

static

3

d0d229a6b6...18.exe

windows7-x64

10

d0d229a6b6...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0d229a6b6dff939f99669783373896f_JaffaCakes118

  • Size

    261KB

  • Sample

    240907-b5jymsygnd

  • MD5

    d0d229a6b6dff939f99669783373896f

  • SHA1

    062d39e37b1148b464501f5d9c0bf625572d1279

  • SHA256

    6b974f00d18b49dc78f273b7afe5b684d0bc25ae838e45f241c59f2e07ed18cf

  • SHA512

    ef5ce25413dda1f11e06be96aadeed73d5754c10796b09cc3f75e07bee8bcf6c3fdbea5b6a0cbed30db3a4384ad46349bcd1caed96e870dd120fe7f29028a713

  • SSDEEP

    6144:OY7gqyCThRpY+c2Db6c1c7+iKAIZrp5qTXE3ga5lY:OaV08Db1W+80p5qzEg2Y

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

94.205.247.10:80

86.22.221.170:80

85.25.255.207:8080

185.94.252.13:443

94.177.216.217:8080

186.4.172.5:20

198.199.114.69:8080

45.33.49.124:443

200.71.148.138:8080

24.45.195.162:7080

136.243.177.26:8080

95.128.43.213:8080

182.176.132.213:8090

190.228.72.244:53

152.89.236.214:8080

27.4.80.183:443

78.24.219.147:8080

62.75.187.192:8080

67.225.229.55:8080

83.136.245.190:8080
rsa_pubkey.plain

Targets

    • Target

      d0d229a6b6dff939f99669783373896f_JaffaCakes118

    • Size

      261KB

    • MD5

      d0d229a6b6dff939f99669783373896f

    • SHA1

      062d39e37b1148b464501f5d9c0bf625572d1279

    • SHA256

      6b974f00d18b49dc78f273b7afe5b684d0bc25ae838e45f241c59f2e07ed18cf

    • SHA512

      ef5ce25413dda1f11e06be96aadeed73d5754c10796b09cc3f75e07bee8bcf6c3fdbea5b6a0cbed30db3a4384ad46349bcd1caed96e870dd120fe7f29028a713

    • SSDEEP

      6144:OY7gqyCThRpY+c2Db6c1c7+iKAIZrp5qTXE3ga5lY:OaV08Db1W+80p5qzEg2Y

    Score
    10/10
    emotetepoch2bankerdiscoverytrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks