emotet

General

Target

dc8765c4a92d35310a4311b9da990b9b_JaffaCakes118
Size

344KB
Sample

240912-s27c7ssalj
MD5

dc8765c4a92d35310a4311b9da990b9b
SHA1

469ff138eba234d62fedede489e9ed8f249d53b9
SHA256

bed7202e81c96d0dd986427e1ffb03e56127052c3e9918a38ea3c158361a26d7
SHA512

b833a7a3c54c38dd75473cc4d876b5133ab36e4035a6c882c24a7b16ac9b178adb2fc12d8a23ddcc094f73939797f851def6f9a8898ecdf17a8a68bc8068f6ef
SSDEEP

6144:eigTTOKYyDCJPXskJ+EX+/lAAgVH4xckmh1Zf5MiSi8ky:eigTTOnyDQvp+U+/sFkmPZiGy

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

185.234.72.64:443

51.68.220.244:8080

206.81.10.215:8080

206.189.112.148:8080

200.71.148.138:8080

192.81.213.192:8080

189.209.217.49:80

190.53.135.159:21

115.78.95.230:443

94.192.228.255:80

190.147.215.53:22

31.12.67.62:7080

31.31.77.83:443

50.116.86.205:8080

80.11.163.139:21

211.63.71.72:8080

104.131.11.150:8080

103.39.131.88:80

90.77.228.193:8090

46.105.131.87:80

rsa_pubkey.plain

Targets

- Target
  
  dc8765c4a92d35310a4311b9da990b9b_JaffaCakes118
- Size
  
  344KB
- MD5
  
  dc8765c4a92d35310a4311b9da990b9b
- SHA1
  
  469ff138eba234d62fedede489e9ed8f249d53b9
- SHA256
  
  bed7202e81c96d0dd986427e1ffb03e56127052c3e9918a38ea3c158361a26d7
- SHA512
  
  b833a7a3c54c38dd75473cc4d876b5133ab36e4035a6c882c24a7b16ac9b178adb2fc12d8a23ddcc094f73939797f851def6f9a8898ecdf17a8a68bc8068f6ef
- SSDEEP
  
  6144:eigTTOKYyDCJPXskJ+EX+/lAAgVH4xckmh1Zf5MiSi8ky:eigTTOnyDQvp+U+/sFkmPZiGy
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2