emotet

General

Target

d7b102b2eb4580fdc23b900d5a621012_JaffaCakes118
Size

224KB
Sample

240910-gwmwts1ejb
MD5

d7b102b2eb4580fdc23b900d5a621012
SHA1

1f613b6628c842b9699977d8da5a5698b2f3baec
SHA256

b0e0860c554581b68f3e2857f5dd61ca5a416bbddbb1383e5e03d1c9f7689c60
SHA512

9c3b13fb47355d94d9c62544c8d3b4ad8a6d1b2f5e029f95d04627617f9e250413e47b3db6450835b83d06bc12ddc8df407d87c14276b8f906964d99e91eec17
SSDEEP

3072:Ofl9ZDkp/eLwpK6aibhsTbnx+KJU9FKOi4CK57HlsxNdytGAIrc/DU/RUtf/s:OBDkOwA6adxHqiFK5Lls75dY/D0R2f0

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.192.39.136:80

5.189.168.53:8080

162.241.41.111:7080

190.85.46.52:7080

190.190.15.20:80

181.95.133.104:80

41.212.89.128:80

115.176.16.221:80

143.95.101.72:8080

75.127.14.170:8080

116.202.10.123:8080

74.208.173.91:8080

103.93.220.182:80

50.116.78.109:8080

67.121.104.51:20

180.26.62.115:443

139.59.12.63:8080

76.18.16.210:80

113.161.148.81:80

5.79.70.250:8080

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
3
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
4
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  d7b102b2eb4580fdc23b900d5a621012_JaffaCakes118
- Size
  
  224KB
- MD5
  
  d7b102b2eb4580fdc23b900d5a621012
- SHA1
  
  1f613b6628c842b9699977d8da5a5698b2f3baec
- SHA256
  
  b0e0860c554581b68f3e2857f5dd61ca5a416bbddbb1383e5e03d1c9f7689c60
- SHA512
  
  9c3b13fb47355d94d9c62544c8d3b4ad8a6d1b2f5e029f95d04627617f9e250413e47b3db6450835b83d06bc12ddc8df407d87c14276b8f906964d99e91eec17
- SSDEEP
  
  3072:Ofl9ZDkp/eLwpK6aibhsTbnx+KJU9FKOi4CK57HlsxNdytGAIrc/DU/RUtf/s:OBDkOwA6adxHqiFK5Lls75dY/D0R2f0
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.