emotet

General

Target

d74ee28a91d0e857427837c5bdbae83d_JaffaCakes118
Size

667KB
Sample

240910-abgqrayenh
MD5

d74ee28a91d0e857427837c5bdbae83d
SHA1

e8a485c603a0ef3badbe183e9f7640cd8eaed20f
SHA256

7e49f4889e0d8b5c6c8add44631b7f0f0d820612497e2adec2b9197e985d1cba
SHA512

d488931ed08d7eddff9fb72898b92e9117f60a2ba99a3deefa53d1d28b325c4e6b8b9f41512cc74196083a3df46d9955a4fdca4b26d3b7b74b9ecd8e6d47ccfc
SSDEEP

12288:76JJG//tnC5VCFSoDpaQlHfl6mCiWDaBMNCFbnG:76J6/tniVNoDgQVN6mCip9FbG

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

202.22.141.45:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

82.76.111.249:443

216.47.196.104:80

192.241.143.52:8080

192.81.38.31:80

87.106.253.248:8080

64.201.88.132:80

192.241.146.84:8080

12.162.84.2:8080

1.226.84.243:8080

177.129.17.170:443

202.134.4.210:7080

70.169.17.134:80

152.169.22.67:80

5.196.35.138:7080

138.97.60.141:7080

203.205.28.68:80

rsa_pubkey.plain

Targets

- Target
  
  d74ee28a91d0e857427837c5bdbae83d_JaffaCakes118
- Size
  
  667KB
- MD5
  
  d74ee28a91d0e857427837c5bdbae83d
- SHA1
  
  e8a485c603a0ef3badbe183e9f7640cd8eaed20f
- SHA256
  
  7e49f4889e0d8b5c6c8add44631b7f0f0d820612497e2adec2b9197e985d1cba
- SHA512
  
  d488931ed08d7eddff9fb72898b92e9117f60a2ba99a3deefa53d1d28b325c4e6b8b9f41512cc74196083a3df46d9955a4fdca4b26d3b7b74b9ecd8e6d47ccfc
- SSDEEP
  
  12288:76JJG//tnC5VCFSoDpaQlHfl6mCiWDaBMNCFbnG:76J6/tniVNoDgQVN6mCip9FbG
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2