emotet

General

Target

e96adce24c348a89082e21be2ded5919_JaffaCakes118
Size

140KB
Sample

240918-ss785sygkr
MD5

e96adce24c348a89082e21be2ded5919
SHA1

43cbcc2e94c9c35032a633449544bc230112d111
SHA256

2820b0dd37c7969ca0417dc77766d775c8a29627c3bc7feb766c02a1a4a95bbf
SHA512

afd4c1d51959164e6693e6c5132751e9f70cd22034cdef8cba749cc4a442446b2977df3503c68d5564e1ed51df5204479a149d43e3740260882585f5f0543b8a
SSDEEP

1536:1+NPMRmYB4Vvtn3KP4gtj3vztDEMvhHqUOrHMBk+G5gEt5U+W4pix76P2hJj:oNGuv35gt3tn1V4s6+GvwhC4TJj

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

174.106.122.139:80

159.203.116.47:8080

173.249.6.108:443

104.236.246.93:8080

174.45.13.118:80

137.59.187.107:8080

94.200.114.161:80

37.187.72.193:8080

67.10.155.92:80

121.124.124.40:7080

24.43.99.75:80

75.139.38.211:80

109.74.5.95:8080

137.119.36.33:80

74.134.41.124:80

66.65.136.14:80

94.1.108.190:443

181.169.235.7:80

79.137.83.50:443

104.131.44.150:8080

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
3
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
4
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  e96adce24c348a89082e21be2ded5919_JaffaCakes118
- Size
  
  140KB
- MD5
  
  e96adce24c348a89082e21be2ded5919
- SHA1
  
  43cbcc2e94c9c35032a633449544bc230112d111
- SHA256
  
  2820b0dd37c7969ca0417dc77766d775c8a29627c3bc7feb766c02a1a4a95bbf
- SHA512
  
  afd4c1d51959164e6693e6c5132751e9f70cd22034cdef8cba749cc4a442446b2977df3503c68d5564e1ed51df5204479a149d43e3740260882585f5f0543b8a
- SSDEEP
  
  1536:1+NPMRmYB4Vvtn3KP4gtj3vztDEMvhHqUOrHMBk+G5gEt5U+W4pix76P2hJj:oNGuv35gt3tn1V4s6+GvwhC4TJj
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.