emotet

General

Target

db4b3f08c12af6179822dfbfa8dce597_JaffaCakes118
Size

95KB
Sample

240911-1wx7cawanf
MD5

db4b3f08c12af6179822dfbfa8dce597
SHA1

7de60eed83c8c3b15ede369f7a7cf220dc08a822
SHA256

fb6063b5cfdac275c6c16cb59972b5f7b6e2b9bb2f1b1734638f451b70a4974e
SHA512

5f0d163c16bef81b77a19b9a54bfc0c62130a80dc344aa752d1bfe70aff3bd78e9e5549c66f64b69f0a5e9e335f25198669da71a78db853ca5d7f39c19ed96c7
SSDEEP

1536:LGSy5eVumHHtuCHZVmOAIb1eW99N+1PM90bpxO7IHyf3+/UARtdfhEPPYaLrn2Vu:CS+KTnYCHZAOAV0+167wMOtdWXYauVu

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

128.92.203.42:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

190.188.245.242:80

12.163.208.58:80

213.197.182.158:8080

201.213.177.139:80

62.84.75.50:80

45.33.77.42:8080

185.183.16.47:80

78.249.119.122:80

177.129.17.170:443

51.15.7.189:80

152.169.22.67:80

119.106.216.84:80

109.169.12.78:80

51.15.7.145:80

219.92.13.25:80

190.117.79.209:80

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  db4b3f08c12af6179822dfbfa8dce597_JaffaCakes118
- Size
  
  95KB
- MD5
  
  db4b3f08c12af6179822dfbfa8dce597
- SHA1
  
  7de60eed83c8c3b15ede369f7a7cf220dc08a822
- SHA256
  
  fb6063b5cfdac275c6c16cb59972b5f7b6e2b9bb2f1b1734638f451b70a4974e
- SHA512
  
  5f0d163c16bef81b77a19b9a54bfc0c62130a80dc344aa752d1bfe70aff3bd78e9e5549c66f64b69f0a5e9e335f25198669da71a78db853ca5d7f39c19ed96c7
- SSDEEP
  
  1536:LGSy5eVumHHtuCHZVmOAIb1eW99N+1PM90bpxO7IHyf3+/UARtdfhEPPYaLrn2Vu:CS+KTnYCHZAOAV0+167wMOtdWXYauVu
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.