emotet

General

Target

ed91f020ac4d921f4fd9ad1ea903b75f_JaffaCakes118
Size

323KB
Sample

240920-pgwjeswenl
MD5

ed91f020ac4d921f4fd9ad1ea903b75f
SHA1

6236074bd2fbf7f59105796521386cd6b4d20629
SHA256

2d3339830687dfa3a6a80d125acd4a81190e1775f5a54b2dd36125844e3e19f0
SHA512

c6cb4f4391e410e9eaeb2ffd6db75b13b2307dbaafd49b12810daa3da30fd24d4f62c7851b8bc21898a67a6379dc033277bd392136b203c04fd205473e32279a
SSDEEP

6144:ivGO3yl828vcPv2yv8vrvvvLvvvLvvvrvvvLvvvrvjvrvTPnbH7fvTv1KQOOU0qy:G1y6KJ05

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

172.105.11.15:8080

91.121.116.137:443

80.79.23.144:443

138.201.140.110:8080

95.128.43.213:8080

190.228.72.244:53

185.94.252.13:443

37.157.194.134:443

45.79.188.67:8080

27.4.80.183:443

80.11.163.139:443

152.89.236.214:8080

62.75.187.192:8080

189.209.217.49:80

190.106.97.230:443

222.214.218.192:8080

63.142.253.122:8080

206.189.98.125:8080

181.31.213.158:8080

78.24.219.147:8080

rsa_pubkey.plain

Targets

- Target
  
  ed91f020ac4d921f4fd9ad1ea903b75f_JaffaCakes118
- Size
  
  323KB
- MD5
  
  ed91f020ac4d921f4fd9ad1ea903b75f
- SHA1
  
  6236074bd2fbf7f59105796521386cd6b4d20629
- SHA256
  
  2d3339830687dfa3a6a80d125acd4a81190e1775f5a54b2dd36125844e3e19f0
- SHA512
  
  c6cb4f4391e410e9eaeb2ffd6db75b13b2307dbaafd49b12810daa3da30fd24d4f62c7851b8bc21898a67a6379dc033277bd392136b203c04fd205473e32279a
- SSDEEP
  
  6144:ivGO3yl828vcPv2yv8vrvvvLvvvLvvvrvvvLvvvrvjvrvTPnbH7fvTv1KQOOU0qy:G1y6KJ05
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Unexpected DNS network traffic destination

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2