emotet

General

Target

d7b7879e0c28036feeb864c103a95a72_JaffaCakes118
Size

330KB
Sample

240910-g9y61szglm
MD5

d7b7879e0c28036feeb864c103a95a72
SHA1

d69e28e3786eb960eea26ffaee46f67ec5f978cb
SHA256

557f14fbb46192d0d95134d84963c70f22f81757f41200c2dc9cafcbaa7435fe
SHA512

573b1eeee8fd2d03fe9f6ccab4868f9941a537cb3d09fe588106f7daf3d839aa38160f6314bf99071bac288795f4e1d6831118c0ea8e31d6e9cd4612096188b7
SSDEEP

6144:NNXIq0JjQba44/qmsuBS1UURwdBPUVw3ejO+gGrRnOs6:rXzxbjmJBS1oPJOS+gGr2

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

173.91.11.142:80

47.6.15.79:80

47.6.15.79:443

37.59.24.177:8080

66.34.201.20:7080

108.179.206.219:8080

45.56.88.91:443

101.187.134.207:443

1.33.230.137:80

110.143.57.109:80

108.191.2.72:80

47.156.70.145:80

167.71.10.37:8080

190.226.44.20:21

74.105.102.97:8080

190.147.215.53:22

24.45.193.161:7080

70.175.171.251:80

138.59.177.106:443

12.176.19.218:80

rsa_pubkey.plain

Targets

- Target
  
  d7b7879e0c28036feeb864c103a95a72_JaffaCakes118
- Size
  
  330KB
- MD5
  
  d7b7879e0c28036feeb864c103a95a72
- SHA1
  
  d69e28e3786eb960eea26ffaee46f67ec5f978cb
- SHA256
  
  557f14fbb46192d0d95134d84963c70f22f81757f41200c2dc9cafcbaa7435fe
- SHA512
  
  573b1eeee8fd2d03fe9f6ccab4868f9941a537cb3d09fe588106f7daf3d839aa38160f6314bf99071bac288795f4e1d6831118c0ea8e31d6e9cd4612096188b7
- SSDEEP
  
  6144:NNXIq0JjQba44/qmsuBS1UURwdBPUVw3ejO+gGrRnOs6:rXzxbjmJBS1oPJOS+gGr2
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2