emotet

General

Target

f6be1a31e603e1527d2348787ffebbeb_JaffaCakes118
Size

323KB
Sample

240925-yjw3eaxenf
MD5

f6be1a31e603e1527d2348787ffebbeb
SHA1

93d380d22a7faabdde8d96c02280d462aa86df66
SHA256

454522f207d5d83a4fb9f1ae40968cf1715ccdf3f59646da4ce4eb05d5f16262
SHA512

25442f531b0ecaeef05d14f83480b4071d34133cf2961337abbef0aa91cc760a6a1cf22a75480769eae3af9a58c247f8db49dd4bef830ab11ccf97514fd2d670
SSDEEP

6144:evGO3yl828vcPv2yv8vrvvvLvvvLvvvrvvvLvvvrvjvrvTPnbH7fvTv1KUOOU0qy:a1y6K105

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

172.105.11.15:8080

91.121.116.137:443

80.79.23.144:443

138.201.140.110:8080

95.128.43.213:8080

190.228.72.244:53

185.94.252.13:443

37.157.194.134:443

45.79.188.67:8080

27.4.80.183:443

80.11.163.139:443

152.89.236.214:8080

62.75.187.192:8080

189.209.217.49:80

190.106.97.230:443

222.214.218.192:8080

63.142.253.122:8080

206.189.98.125:8080

181.31.213.158:8080

78.24.219.147:8080

rsa_pubkey.plain

Targets

- Target
  
  f6be1a31e603e1527d2348787ffebbeb_JaffaCakes118
- Size
  
  323KB
- MD5
  
  f6be1a31e603e1527d2348787ffebbeb
- SHA1
  
  93d380d22a7faabdde8d96c02280d462aa86df66
- SHA256
  
  454522f207d5d83a4fb9f1ae40968cf1715ccdf3f59646da4ce4eb05d5f16262
- SHA512
  
  25442f531b0ecaeef05d14f83480b4071d34133cf2961337abbef0aa91cc760a6a1cf22a75480769eae3af9a58c247f8db49dd4bef830ab11ccf97514fd2d670
- SSDEEP
  
  6144:evGO3yl828vcPv2yv8vrvvvLvvvLvvvrvvvLvvvrvjvrvTPnbH7fvTv1KUOOU0qy:a1y6K105
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Unexpected DNS network traffic destination

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2