emotet

General

Target

edfeef3b0076dbee640f43ea365b5e3c_JaffaCakes118
Size

188KB
Sample

240920-t3dmyswgmm
MD5

edfeef3b0076dbee640f43ea365b5e3c
SHA1

79ca0c6dc6c032df7aeaa1e41c36e3b57e026775
SHA256

647ab7a0ed1c9d60ed9fa060f5dba4ccdc5066b719010527a06bfee5b79a4276
SHA512

b56574b28f3fb5adf4d8e413a51ec121a9dcb9e73fdbd31f4e7a47c21e73f2d42786c66f8c06d2866f251967375831dc2d640693cf55bc2a2548551eacc66736
SSDEEP

3072:0OGsnOk0djznKX7WZ6Aa2KkcNaQ2v+xHOj0g9Ja1BfNieLrFKFEJE:D08rnDdH2KHOwb1HxLRL

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

174.113.69.136:80

51.38.124.206:80

82.196.15.205:8080

38.88.126.202:8080

190.115.18.139:8080

98.13.75.196:80

181.30.61.163:443

82.76.111.249:443

181.129.96.162:8080

74.58.215.226:80

68.69.155.181:80

188.135.15.49:80

190.163.31.26:80

50.121.220.50:80

51.159.23.217:443

2.47.112.152:80

185.215.227.107:443

217.13.106.14:8080

70.32.115.157:8080

170.81.48.2:80

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  edfeef3b0076dbee640f43ea365b5e3c_JaffaCakes118
- Size
  
  188KB
- MD5
  
  edfeef3b0076dbee640f43ea365b5e3c
- SHA1
  
  79ca0c6dc6c032df7aeaa1e41c36e3b57e026775
- SHA256
  
  647ab7a0ed1c9d60ed9fa060f5dba4ccdc5066b719010527a06bfee5b79a4276
- SHA512
  
  b56574b28f3fb5adf4d8e413a51ec121a9dcb9e73fdbd31f4e7a47c21e73f2d42786c66f8c06d2866f251967375831dc2d640693cf55bc2a2548551eacc66736
- SSDEEP
  
  3072:0OGsnOk0djznKX7WZ6Aa2KkcNaQ2v+xHOj0g9Ja1BfNieLrFKFEJE:D08rnDdH2KHOwb1HxLRL
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.