emotet

General

Target

d80ac0bdd070bb0d8ebd15d8d445bee8_JaffaCakes118
Size

564KB
Sample

240910-l4yqhsyamm
MD5

d80ac0bdd070bb0d8ebd15d8d445bee8
SHA1

cfd16e3314d35aae73d0f9ce37adb4fd9090dbd9
SHA256

53a39cac95df5873549dbf3c3c55a98c7d7fea9f09c9d5a32e27754941762fc8
SHA512

67470fcfc9c0c2d19e9208208305c2321df31775311874068a0b07c1e8ab999b36dcf39ee416aa03ce1b9d5920d16eb441186ae93e3ef69122e66b878cf19cd2
SSDEEP

6144:xD1y69ghIcyyePClPJ9rxffwdeXV4q2IQS7SdfyktPFLNJI4HmzxHv1LU+D:rz98I3PwBNl/2IGycFLNJ7HCxHvX

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

125.99.61.162:7080

94.183.71.206:7080

91.83.93.105:8080

216.98.148.181:8080

68.183.190.199:8080

170.84.133.72:7080

139.5.237.27:443

5.77.13.70:80

46.29.183.211:8080

46.41.151.103:8080

182.188.39.68:80

170.84.133.72:8443

186.83.133.253:8080

46.28.111.142:7080

62.75.160.178:8080

178.79.163.131:8080

190.104.253.234:990

149.62.173.247:8080

178.249.187.151:8080

81.169.140.14:443

rsa_pubkey.plain

Targets

- Target
  
  d80ac0bdd070bb0d8ebd15d8d445bee8_JaffaCakes118
- Size
  
  564KB
- MD5
  
  d80ac0bdd070bb0d8ebd15d8d445bee8
- SHA1
  
  cfd16e3314d35aae73d0f9ce37adb4fd9090dbd9
- SHA256
  
  53a39cac95df5873549dbf3c3c55a98c7d7fea9f09c9d5a32e27754941762fc8
- SHA512
  
  67470fcfc9c0c2d19e9208208305c2321df31775311874068a0b07c1e8ab999b36dcf39ee416aa03ce1b9d5920d16eb441186ae93e3ef69122e66b878cf19cd2
- SSDEEP
  
  6144:xD1y69ghIcyyePClPJ9rxffwdeXV4q2IQS7SdfyktPFLNJI4HmzxHv1LU+D:rz98I3PwBNl/2IGycFLNJ7HCxHvX
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2