emotet

General

Target

f480cd36270b3acd0b7bd461879a67a6_JaffaCakes118
Size

408KB
Sample

240924-zy86ysydqa
MD5

f480cd36270b3acd0b7bd461879a67a6
SHA1

6530912f38d440ccfb608cc457e25fc185104dd1
SHA256

783c80c7745ae0c83d88cfc32b69b789f17ec6ffcd2d3b11c79c6a4375f0f467
SHA512

d5d3d849e5160f2b949916118a674de4ea9fb7765b0192d8366a3b88792920c6303034cc9db8fd87639e163b22226de3a6c9bb22a1a63c0f50d96a57fe902f01
SSDEEP

6144:3nOIweN7FS+Ei3m/Yiku0sd3jyOfH8sHpenQFUs2ax:3nfweN7e1yOfH8sEQSs2ax

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

128.92.203.42:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

190.188.245.242:80

12.163.208.58:80

213.197.182.158:8080

201.213.177.139:80

62.84.75.50:80

45.33.77.42:8080

185.183.16.47:80

78.249.119.122:80

177.129.17.170:443

51.15.7.189:80

152.169.22.67:80

119.106.216.84:80

109.169.12.78:80

51.15.7.145:80

219.92.13.25:80

190.117.79.209:80

rsa_pubkey.plain

Targets

- Target
  
  f480cd36270b3acd0b7bd461879a67a6_JaffaCakes118
- Size
  
  408KB
- MD5
  
  f480cd36270b3acd0b7bd461879a67a6
- SHA1
  
  6530912f38d440ccfb608cc457e25fc185104dd1
- SHA256
  
  783c80c7745ae0c83d88cfc32b69b789f17ec6ffcd2d3b11c79c6a4375f0f467
- SHA512
  
  d5d3d849e5160f2b949916118a674de4ea9fb7765b0192d8366a3b88792920c6303034cc9db8fd87639e163b22226de3a6c9bb22a1a63c0f50d96a57fe902f01
- SSDEEP
  
  6144:3nOIweN7FS+Ei3m/Yiku0sd3jyOfH8sHpenQFUs2ax:3nfweN7e1yOfH8sEQSs2ax
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2