emotet

General

Target

d4c8ed6fcf357df57de0aee8b97fa4ba_JaffaCakes118
Size

540KB
Sample

240908-tzm28aycqe
MD5

d4c8ed6fcf357df57de0aee8b97fa4ba
SHA1

7ea7666284e6fcdc7640db3582f110870320f648
SHA256

bcff938a98d348fd7270cc7c9bb7a2eab74f67602599b84a3a94abfaf6866486
SHA512

769d0e5a7ca291a65e66fd296196e93b406d8cf3bca07f33e402eaadabfb83c008449402f539c3758e19c1ba9fe5c8d045de818e55d5af018f7b687992643eb0
SSDEEP

6144:Kh3jO6DyHUWraQKNbG0HWjtHsEROB3kYVjTRGjx5N0pj1rZ:5Gy0WraQK9vHWBHsEROB5R66

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.16.101.10:80

190.217.1.149:80

45.56.122.75:80

85.25.92.96:8080

94.177.253.126:80

187.188.166.192:80

192.241.220.183:8080

189.132.130.111:8080

186.109.91.136:80

186.92.11.143:8080

203.99.182.135:443

91.109.5.28:8080

70.32.94.58:8080

70.45.30.28:80

203.99.187.137:443

190.228.212.165:50000

51.38.134.203:8080

203.99.188.11:443

184.82.233.15:80

154.120.227.206:8080

rsa_pubkey.plain

Targets

- Target
  
  d4c8ed6fcf357df57de0aee8b97fa4ba_JaffaCakes118
- Size
  
  540KB
- MD5
  
  d4c8ed6fcf357df57de0aee8b97fa4ba
- SHA1
  
  7ea7666284e6fcdc7640db3582f110870320f648
- SHA256
  
  bcff938a98d348fd7270cc7c9bb7a2eab74f67602599b84a3a94abfaf6866486
- SHA512
  
  769d0e5a7ca291a65e66fd296196e93b406d8cf3bca07f33e402eaadabfb83c008449402f539c3758e19c1ba9fe5c8d045de818e55d5af018f7b687992643eb0
- SSDEEP
  
  6144:Kh3jO6DyHUWraQKNbG0HWjtHsEROB3kYVjTRGjx5N0pj1rZ:5Gy0WraQK9vHWBHsEROB5R66
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2