emotet

General

Target

d9aea1808b962883245ea6581deb0c5c_JaffaCakes118
Size

668KB
Sample

240911-fyd62avfmb
MD5

d9aea1808b962883245ea6581deb0c5c
SHA1

ea3af98ae0e0e2acf8612b822750efdaa2776edf
SHA256

925d78b62e70df4dbdf0f1eb8657bd04c9bda7e6564b768cfb37fd3f03c43b76
SHA512

1836efb6adcbab8f621894fc977e8181415b872bc12d780a50f50e65b7f7566066394937191b1cc5b10ec4a30346e681a6d8eb1345e7bf867eca213e9c482e26
SSDEEP

6144:gdiE4zqXVY7PfBHnzA0F3JhJx4eS5nNMTy5fkLaMiLgLWL7SqaaYo5wzPLNQOIeG:gdw7hHnzAe3oe6nZ6zEPaexL62

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

202.22.141.45:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

82.76.111.249:443

216.47.196.104:80

192.241.143.52:8080

192.81.38.31:80

87.106.253.248:8080

64.201.88.132:80

192.241.146.84:8080

12.162.84.2:8080

1.226.84.243:8080

177.129.17.170:443

202.134.4.210:7080

70.169.17.134:80

152.169.22.67:80

5.196.35.138:7080

138.97.60.141:7080

203.205.28.68:80

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  d9aea1808b962883245ea6581deb0c5c_JaffaCakes118
- Size
  
  668KB
- MD5
  
  d9aea1808b962883245ea6581deb0c5c
- SHA1
  
  ea3af98ae0e0e2acf8612b822750efdaa2776edf
- SHA256
  
  925d78b62e70df4dbdf0f1eb8657bd04c9bda7e6564b768cfb37fd3f03c43b76
- SHA512
  
  1836efb6adcbab8f621894fc977e8181415b872bc12d780a50f50e65b7f7566066394937191b1cc5b10ec4a30346e681a6d8eb1345e7bf867eca213e9c482e26
- SSDEEP
  
  6144:gdiE4zqXVY7PfBHnzA0F3JhJx4eS5nNMTy5fkLaMiLgLWL7SqaaYo5wzPLNQOIeG:gdw7hHnzAe3oe6nZ6zEPaexL62
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.