emotet

General

Target

e5d60d5343d093fc02110d5d90202f4c_JaffaCakes118
Size

792KB
Sample

240917-ar5shsxglj
MD5

e5d60d5343d093fc02110d5d90202f4c
SHA1

907b82830d9ad86097d8be972d1ed6eb70cff438
SHA256

e4ae9602b25447d12b6b9d5cd9d62ce10f0fd8601d8578fff1fff06d85466f0e
SHA512

53bd0f092837226d4f83212d3dcea039aa320a65b779c420572b7b47721df834e74ead1a0555674c2b24f0cb77425c6d3231bf4f40a89bc0af4b5d8a5bedb3a2
SSDEEP

12288:vfLZ6TmNPhKBEHvoxur/QgkFhqociZhj66kUXm9zzMVvL4vHOBZ:IBKUI/d4K+hjzXBd0

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

75.139.38.211:80

74.207.230.187:8080

115.79.195.246:80

143.95.101.72:8080

179.5.118.12:80

181.134.9.162:80

78.188.170.128:80

178.33.167.120:8080

190.164.75.175:80

201.214.108.231:80

46.32.229.152:8080

77.74.78.80:443

157.7.164.178:8081

181.113.229.139:443

220.128.125.18:80

192.210.217.94:8080

46.49.124.53:80

185.142.236.163:443

203.153.216.178:7080

45.118.136.92:8080

rsa_pubkey.plain

Targets

- Target
  
  e5d60d5343d093fc02110d5d90202f4c_JaffaCakes118
- Size
  
  792KB
- MD5
  
  e5d60d5343d093fc02110d5d90202f4c
- SHA1
  
  907b82830d9ad86097d8be972d1ed6eb70cff438
- SHA256
  
  e4ae9602b25447d12b6b9d5cd9d62ce10f0fd8601d8578fff1fff06d85466f0e
- SHA512
  
  53bd0f092837226d4f83212d3dcea039aa320a65b779c420572b7b47721df834e74ead1a0555674c2b24f0cb77425c6d3231bf4f40a89bc0af4b5d8a5bedb3a2
- SSDEEP
  
  12288:vfLZ6TmNPhKBEHvoxur/QgkFhqociZhj66kUXm9zzMVvL4vHOBZ:IBKUI/d4K+hjzXBd0
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2