emotet

General

Target

eaab3364520fa151083af0fa47227ef1_JaffaCakes118
Size

668KB
Sample

240919-f5fnfatapk
MD5

eaab3364520fa151083af0fa47227ef1
SHA1

26cef079d130c1696765244a6e5e6c0a90aa8633
SHA256

0deff09ae7a085f5fee028ec5b42a71c8a372a083449652eaf3836f3a3f1d9bd
SHA512

c49b79d0a4c2e403fa9bc76defffd04646fd05a6cebe4f6b469f8ec81fa412140de3da4d9e600002b9b8dfe9be334293ebf107cbb4a33797d098979896f0298e
SSDEEP

6144:gdiE4zqXVY7PfBHnzA0F3JhJx4eS5fNMTy5fkLaMiLgLWL7SqaaYo5wzPLNQOIeG:gdw7hHnzAe3oe6fZ6zEPaexL62

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

202.22.141.45:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

82.76.111.249:443

216.47.196.104:80

192.241.143.52:8080

192.81.38.31:80

87.106.253.248:8080

64.201.88.132:80

192.241.146.84:8080

12.162.84.2:8080

1.226.84.243:8080

177.129.17.170:443

202.134.4.210:7080

70.169.17.134:80

152.169.22.67:80

5.196.35.138:7080

138.97.60.141:7080

203.205.28.68:80

rsa_pubkey.plain

Targets

- Target
  
  eaab3364520fa151083af0fa47227ef1_JaffaCakes118
- Size
  
  668KB
- MD5
  
  eaab3364520fa151083af0fa47227ef1
- SHA1
  
  26cef079d130c1696765244a6e5e6c0a90aa8633
- SHA256
  
  0deff09ae7a085f5fee028ec5b42a71c8a372a083449652eaf3836f3a3f1d9bd
- SHA512
  
  c49b79d0a4c2e403fa9bc76defffd04646fd05a6cebe4f6b469f8ec81fa412140de3da4d9e600002b9b8dfe9be334293ebf107cbb4a33797d098979896f0298e
- SSDEEP
  
  6144:gdiE4zqXVY7PfBHnzA0F3JhJx4eS5fNMTy5fkLaMiLgLWL7SqaaYo5wzPLNQOIeG:gdw7hHnzAe3oe6fZ6zEPaexL62
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2