emotet

General

Target

e5e4ca6b0bcfe51f7cfcae97d4d4b8b2_JaffaCakes118
Size

346KB
Sample

240917-c7rlyazhqe
MD5

e5e4ca6b0bcfe51f7cfcae97d4d4b8b2
SHA1

9384b9f23ab2ff98c3d342f9db3151e692964b67
SHA256

e6f57216c90ceaaef7a0c7bf713a9e4d42291f3150a9c45fe5c41a65822b2ec4
SHA512

13a212a6e5a85f09900a05a68d551588c8b7bf2200d8723b9be30d74d36df39b2a1f782e663b3eb165d72b7b85dd33bca0718481636b47a7482d3da11681a614
SSDEEP

3072:o82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:72L7HN7Kl/jLA90QECrYRpj

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

84.232.229.24:80

51.255.203.164:8080

217.160.169.110:8080

51.15.7.145:80

177.85.167.10:80

186.177.174.163:80

190.114.254.163:8080

185.183.16.47:80

149.202.72.142:7080

181.30.61.163:443

31.27.59.105:80

50.28.51.143:8080

68.183.190.199:8080

85.214.26.7:8080

137.74.106.111:7080

200.75.39.254:80

85.105.239.184:443

190.45.24.210:80

170.81.48.2:80

109.101.137.162:8080

rsa_pubkey.plain

Targets

- Target
  
  e5e4ca6b0bcfe51f7cfcae97d4d4b8b2_JaffaCakes118
- Size
  
  346KB
- MD5
  
  e5e4ca6b0bcfe51f7cfcae97d4d4b8b2
- SHA1
  
  9384b9f23ab2ff98c3d342f9db3151e692964b67
- SHA256
  
  e6f57216c90ceaaef7a0c7bf713a9e4d42291f3150a9c45fe5c41a65822b2ec4
- SHA512
  
  13a212a6e5a85f09900a05a68d551588c8b7bf2200d8723b9be30d74d36df39b2a1f782e663b3eb165d72b7b85dd33bca0718481636b47a7482d3da11681a614
- SSDEEP
  
  3072:o82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:72L7HN7Kl/jLA90QECrYRpj
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2