emotet

General

Target

ff802112ca9bbbfe5d2328d24f4b07c2_JaffaCakes118
Size

505KB
Sample

240929-3h6bxawckn
MD5

ff802112ca9bbbfe5d2328d24f4b07c2
SHA1

2fa4951b351be2b199532be0e86b8bb27481d315
SHA256

fec623c72a9d4ecf2e3ff84ea41eb133ff4f38f745e402aeca2513814d242f0b
SHA512

9827e694cc7c3ccc21c826122c8295eb914423250f962a4ae3d42c7229d0440d16bd1e2607b44b8b6dfcd7e77400ec87c3fd661359a00783dda9ca6267b7389d
SSDEEP

6144:DaRhOv5KaMqEZD+m6eewOmkGOYQ87wwzcCgZi3lzAOAWPcnLIG8Ztkq66ti9pdZx:wOKhDD6yUGOYQto3lzAOATctkfxeY

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

12.163.208.58:80

45.33.35.74:8080

87.106.253.248:8080

192.241.146.84:8080

190.115.18.139:8080

65.36.62.20:80

170.81.48.2:80

83.169.21.32:7080

185.232.182.218:80

190.2.31.172:80

77.106.157.34:8080

82.230.1.24:80

202.4.58.197:80

201.213.177.139:80

78.249.119.122:80

123.51.47.18:80

77.90.136.129:8080

60.93.23.51:80

152.169.22.67:80

190.117.79.209:80

rsa_pubkey.plain

Targets

- Target
  
  ff802112ca9bbbfe5d2328d24f4b07c2_JaffaCakes118
- Size
  
  505KB
- MD5
  
  ff802112ca9bbbfe5d2328d24f4b07c2
- SHA1
  
  2fa4951b351be2b199532be0e86b8bb27481d315
- SHA256
  
  fec623c72a9d4ecf2e3ff84ea41eb133ff4f38f745e402aeca2513814d242f0b
- SHA512
  
  9827e694cc7c3ccc21c826122c8295eb914423250f962a4ae3d42c7229d0440d16bd1e2607b44b8b6dfcd7e77400ec87c3fd661359a00783dda9ca6267b7389d
- SSDEEP
  
  6144:DaRhOv5KaMqEZD+m6eewOmkGOYQ87wwzcCgZi3lzAOAWPcnLIG8Ztkq66ti9pdZx:wOKhDD6yUGOYQto3lzAOATctkfxeY
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2