emotet

General

Target

f66c59a54de4227b09c1f90e48ab0eb9_JaffaCakes118
Size

460KB
Sample

240925-t4ml9avhpr
MD5

f66c59a54de4227b09c1f90e48ab0eb9
SHA1

0db13f17f2cc0b7adc9d3d0f002ecd415a85e5a1
SHA256

9c8ed4959181511d31b064b4c2db7508126bac27934d9c155e6ecb5665e3ea5d
SHA512

d8bd8e918f1fdfce85cb05c939e1e3a1cab235316a57f394c5bd9a4605ba255d6f87071ff7fd48613e7dd20aa6dede6d5c728ba95ec4ec1da3f53bb86aa4e9c6
SSDEEP

6144:d8WNXb6O5ZTWcDxKoAS7FXg8k/90x/WvKFqL7sQQyoVbY5KjCJwpWMcL:d8c5WWKg1g8NQvKF4fou5p3

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

190.158.19.141:80

139.5.237.27:443

201.214.74.71:80

80.240.141.141:7080

185.187.198.10:8080

46.41.134.46:8080

178.249.187.151:8080

217.199.160.224:8080

123.168.4.66:22

201.184.65.229:80

190.221.50.210:8080

119.59.124.163:8080

212.71.237.140:8080

109.169.86.13:8080

190.19.42.131:80

190.230.60.129:80

190.1.37.125:443

62.75.143.100:7080

203.25.159.3:8080

87.106.77.40:7080

rsa_pubkey.plain

Targets

- Target
  
  f66c59a54de4227b09c1f90e48ab0eb9_JaffaCakes118
- Size
  
  460KB
- MD5
  
  f66c59a54de4227b09c1f90e48ab0eb9
- SHA1
  
  0db13f17f2cc0b7adc9d3d0f002ecd415a85e5a1
- SHA256
  
  9c8ed4959181511d31b064b4c2db7508126bac27934d9c155e6ecb5665e3ea5d
- SHA512
  
  d8bd8e918f1fdfce85cb05c939e1e3a1cab235316a57f394c5bd9a4605ba255d6f87071ff7fd48613e7dd20aa6dede6d5c728ba95ec4ec1da3f53bb86aa4e9c6
- SSDEEP
  
  6144:d8WNXb6O5ZTWcDxKoAS7FXg8k/90x/WvKFqL7sQQyoVbY5KjCJwpWMcL:d8c5WWKg1g8NQvKF4fou5p3
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2