emotet

General

Target

d61e60034c948cdfa84c257900be81a6_JaffaCakes118
Size

632KB
Sample

240909-meszeavhnb
MD5

d61e60034c948cdfa84c257900be81a6
SHA1

2a65f934d9b0da459483988e6cc312edc48025b4
SHA256

b2c9c4b6e211ed906fd088827d6f405b0c302f032035732ce2cffa5436717d26
SHA512

bcc9ae94443ce40103cefdc1603aca21f8925e4c997779f0e2c99443382399f54e9adb8553a7910f0d5a82b8f410e751a23d1caa1f8c5b000ccacb3b74ed3d3b
SSDEEP

12288:RphSRoPQfYGRWDr/ZxQko0WYNkjC9smpNNH:RHL6WDDWY6UN5

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

54.38.94.197:8080

192.161.190.171:8080

80.93.48.49:7080

222.239.249.166:443

201.196.15.79:990

37.59.24.25:8080

113.52.135.33:7080

172.104.70.207:8080

217.26.163.82:7080

216.75.37.196:8080

157.7.164.178:8081

212.129.14.27:8080

198.57.217.170:8080

186.66.224.182:990

119.159.150.176:443

181.197.108.171:443

191.100.24.201:50000

95.216.212.157:8080

187.177.155.123:990

190.189.79.73:80

rsa_pubkey.plain

Targets

- Target
  
  d61e60034c948cdfa84c257900be81a6_JaffaCakes118
- Size
  
  632KB
- MD5
  
  d61e60034c948cdfa84c257900be81a6
- SHA1
  
  2a65f934d9b0da459483988e6cc312edc48025b4
- SHA256
  
  b2c9c4b6e211ed906fd088827d6f405b0c302f032035732ce2cffa5436717d26
- SHA512
  
  bcc9ae94443ce40103cefdc1603aca21f8925e4c997779f0e2c99443382399f54e9adb8553a7910f0d5a82b8f410e751a23d1caa1f8c5b000ccacb3b74ed3d3b
- SSDEEP
  
  12288:RphSRoPQfYGRWDr/ZxQko0WYNkjC9smpNNH:RHL6WDDWY6UN5
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2