emotet

General

Target

de4609fdcdad125d944f2504bc374889_JaffaCakes118
Size

390KB
Sample

240913-n3wwmszhpd
MD5

de4609fdcdad125d944f2504bc374889
SHA1

59fc73bc9005f8e3224e23b1ecf1f3423e4fecbe
SHA256

ffdc4b27517629aee22754c01eb4aa1d572f656e285324f8201c3674591cd3a1
SHA512

d612f9a58865150ee7a41a3e956c13d104f8643ffe19752eb2106fcf135d02105ca9ddb46d423d84422fdbd1d5551a48435c9d23c5160cb1dbf276a45ef6cbb8
SSDEEP

6144:IR7HRkYGs6z+X0HXttHtGTm7qaswyxZ7TowyPUzRILCWzLpWMVHx/9F3rNkFWV9:zY76xtxta9vxZ7TPy8RbW/MMf6cL

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

190.56.255.118:80

139.130.241.252:443

58.171.42.66:8080

108.179.206.219:8080

59.110.18.236:443

45.56.88.91:443

206.81.10.215:8080

167.71.10.37:8080

173.70.81.77:80

118.201.230.249:80

159.65.25.128:8080

59.103.164.174:80

191.92.209.110:7080

192.241.255.77:8080

181.31.213.158:8080

190.53.135.159:21

107.170.24.125:8080

201.184.105.242:443

183.102.238.69:465

190.108.228.48:990

rsa_pubkey.plain

Targets

- Target
  
  de4609fdcdad125d944f2504bc374889_JaffaCakes118
- Size
  
  390KB
- MD5
  
  de4609fdcdad125d944f2504bc374889
- SHA1
  
  59fc73bc9005f8e3224e23b1ecf1f3423e4fecbe
- SHA256
  
  ffdc4b27517629aee22754c01eb4aa1d572f656e285324f8201c3674591cd3a1
- SHA512
  
  d612f9a58865150ee7a41a3e956c13d104f8643ffe19752eb2106fcf135d02105ca9ddb46d423d84422fdbd1d5551a48435c9d23c5160cb1dbf276a45ef6cbb8
- SSDEEP
  
  6144:IR7HRkYGs6z+X0HXttHtGTm7qaswyxZ7TowyPUzRILCWzLpWMVHx/9F3rNkFWV9:zY76xtxta9vxZ7TPy8RbW/MMf6cL
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2