emotet

General

Target

e1880c02d31c7c2516de453d9a2b65c8_JaffaCakes118
Size

540KB
Sample

240915-cz7m7a1end
MD5

e1880c02d31c7c2516de453d9a2b65c8
SHA1

446f8e6641f7506956b3911a1bd4baab5ac2b494
SHA256

d9c346f01f30a157082337c42002739eed034cfac31e5cd506c3e035030b6125
SHA512

47aca2cd91620bc4b06e03a9521480f28182dc76a9cfe4a00326cfc6a6c5f550fffbe0814cb3c7786f5ec5466e09dcc90fc310a582d83ec586a31ca2f082fa3f
SSDEEP

6144:ep3L2QXYf/A90xnOXmXDAfQ/FIN8NhwtXj3HiIWJrGlF:z4Yn5xnOXoG+FIYmHu8lF

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.16.101.10:80

190.217.1.149:80

45.56.122.75:80

85.25.92.96:8080

94.177.253.126:80

187.188.166.192:80

192.241.220.183:8080

189.132.130.111:8080

186.109.91.136:80

186.92.11.143:8080

203.99.182.135:443

91.109.5.28:8080

70.32.94.58:8080

70.45.30.28:80

203.99.187.137:443

190.228.212.165:50000

51.38.134.203:8080

203.99.188.11:443

184.82.233.15:80

154.120.227.206:8080

rsa_pubkey.plain

Targets

- Target
  
  e1880c02d31c7c2516de453d9a2b65c8_JaffaCakes118
- Size
  
  540KB
- MD5
  
  e1880c02d31c7c2516de453d9a2b65c8
- SHA1
  
  446f8e6641f7506956b3911a1bd4baab5ac2b494
- SHA256
  
  d9c346f01f30a157082337c42002739eed034cfac31e5cd506c3e035030b6125
- SHA512
  
  47aca2cd91620bc4b06e03a9521480f28182dc76a9cfe4a00326cfc6a6c5f550fffbe0814cb3c7786f5ec5466e09dcc90fc310a582d83ec586a31ca2f082fa3f
- SSDEEP
  
  6144:ep3L2QXYf/A90xnOXmXDAfQ/FIN8NhwtXj3HiIWJrGlF:z4Yn5xnOXoG+FIYmHu8lF
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2