emotet

General

Target

da4e888ddb2802a99902ee8e4ef31faf_JaffaCakes118
Size

632KB
Sample

240911-n7yk2aygqp
MD5

da4e888ddb2802a99902ee8e4ef31faf
SHA1

6c0bc9ff40d3617eff872e7b5d32f590acf71c84
SHA256

74d5968f2dd70567b9a74948ef389d7291955713f93c843a371d5b63a527eeb5
SHA512

44be3f4a891414bbebcdb5cb83762652cb793fc9126411a0cf819db7563cab05c2a64cc211ff11fa3665a1375be9cbb18edb8cbfbcd27f41eb3629117a18c045
SSDEEP

12288:RphSRoPQfYGRWDr/ZxQko0WYNkjC9smpNNH:RHL6WDDWY6UN5

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

54.38.94.197:8080

192.161.190.171:8080

80.93.48.49:7080

222.239.249.166:443

201.196.15.79:990

37.59.24.25:8080

113.52.135.33:7080

172.104.70.207:8080

217.26.163.82:7080

216.75.37.196:8080

157.7.164.178:8081

212.129.14.27:8080

198.57.217.170:8080

186.66.224.182:990

119.159.150.176:443

181.197.108.171:443

191.100.24.201:50000

95.216.212.157:8080

187.177.155.123:990

190.189.79.73:80

rsa_pubkey.plain

Targets

- Target
  
  da4e888ddb2802a99902ee8e4ef31faf_JaffaCakes118
- Size
  
  632KB
- MD5
  
  da4e888ddb2802a99902ee8e4ef31faf
- SHA1
  
  6c0bc9ff40d3617eff872e7b5d32f590acf71c84
- SHA256
  
  74d5968f2dd70567b9a74948ef389d7291955713f93c843a371d5b63a527eeb5
- SHA512
  
  44be3f4a891414bbebcdb5cb83762652cb793fc9126411a0cf819db7563cab05c2a64cc211ff11fa3665a1375be9cbb18edb8cbfbcd27f41eb3629117a18c045
- SSDEEP
  
  12288:RphSRoPQfYGRWDr/ZxQko0WYNkjC9smpNNH:RHL6WDDWY6UN5
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2