emotet

General

Target

f3b8225de17d59d0be83316fb62ed331_JaffaCakes118
Size

140KB
Sample

240924-qg66lazbqd
MD5

f3b8225de17d59d0be83316fb62ed331
SHA1

ea0e096e2b0749689973e85232a054cebc82deb9
SHA256

2d91cc9bc16c609f54870dbc450333e6c7ded4fc411263c798abedc17b0b04a1
SHA512

5af5351dd1c63014c6b42f993616b5b7bc76a014dc9572a3db6abc1d362cfe8232a9f2d088ba8240deac8b67431b29cc6734d4bd3d6bd590b316b4eb8d4f86ed
SSDEEP

3072:Yxn8bGUxSPuZ9ygrQlQA0u1xRoLh9zveCUg1:Yl8bGUWs0louPIjzveCUg1

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

74.208.125.192:443

165.227.156.155:443

104.239.175.211:8080

67.225.179.64:8080

46.105.131.87:80

45.33.49.124:443

183.102.238.69:465

190.51.63.1:80

87.106.139.101:8080

78.24.219.147:8080

86.22.221.170:80

94.205.247.10:80

31.12.67.62:7080

190.145.67.134:8090

87.230.19.21:8080

179.12.170.148:8080

5.196.74.210:8080

181.57.193.14:80

182.176.132.213:8090

173.249.47.77:8080

rsa_pubkey.plain

Targets

- Target
  
  f3b8225de17d59d0be83316fb62ed331_JaffaCakes118
- Size
  
  140KB
- MD5
  
  f3b8225de17d59d0be83316fb62ed331
- SHA1
  
  ea0e096e2b0749689973e85232a054cebc82deb9
- SHA256
  
  2d91cc9bc16c609f54870dbc450333e6c7ded4fc411263c798abedc17b0b04a1
- SHA512
  
  5af5351dd1c63014c6b42f993616b5b7bc76a014dc9572a3db6abc1d362cfe8232a9f2d088ba8240deac8b67431b29cc6734d4bd3d6bd590b316b4eb8d4f86ed
- SSDEEP
  
  3072:Yxn8bGUxSPuZ9ygrQlQA0u1xRoLh9zveCUg1:Yl8bGUWs0louPIjzveCUg1
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2