emotet

General

Target

ee583c23f6aea7ad8bbc1398c9d157a6_JaffaCakes118
Size

336KB
Sample

240920-yzl75swbpn
MD5

ee583c23f6aea7ad8bbc1398c9d157a6
SHA1

8f09cbd56b7c1ad424b02ea9ff77c4a9087adfa8
SHA256

9b2d2f5b95f4b174fd2d23546397f396709ea74c7faff084ed3ee23ae034d177
SHA512

2d18cac56f6ceff784ad94d0e8c2511d0f8ecfd4c77d8d4b85f76fa0dfd8e3d4316613fb90b0214f93afda0bd6990bcadbc73f68db6123963f6eac930cfc31b6
SSDEEP

6144:H6RABINtOofnGFxg9930Rgr35LvHdv9cObVSa6frUnPx:HyABIN8oIg9FP+OGYnP

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

66.209.97.122:8080

174.77.190.137:8080

104.137.176.186:80

165.227.156.155:443

167.99.105.223:7080

67.225.179.64:8080

176.31.200.130:8080

5.196.74.210:8080

82.155.161.203:80

101.187.247.29:80

120.150.246.241:80

73.11.153.178:8080

91.205.215.66:443

70.46.247.81:80

24.93.212.32:80

139.130.241.252:443

70.175.171.251:80

217.160.182.191:8080

104.236.246.93:8080

98.24.231.64:80

rsa_pubkey.plain

Targets

- Target
  
  ee583c23f6aea7ad8bbc1398c9d157a6_JaffaCakes118
- Size
  
  336KB
- MD5
  
  ee583c23f6aea7ad8bbc1398c9d157a6
- SHA1
  
  8f09cbd56b7c1ad424b02ea9ff77c4a9087adfa8
- SHA256
  
  9b2d2f5b95f4b174fd2d23546397f396709ea74c7faff084ed3ee23ae034d177
- SHA512
  
  2d18cac56f6ceff784ad94d0e8c2511d0f8ecfd4c77d8d4b85f76fa0dfd8e3d4316613fb90b0214f93afda0bd6990bcadbc73f68db6123963f6eac930cfc31b6
- SSDEEP
  
  6144:H6RABINtOofnGFxg9930Rgr35LvHdv9cObVSa6frUnPx:HyABIN8oIg9FP+OGYnP
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2