emotet

General

Target

JaffaCakes118_833e2ba70345b042c903de3d02bbb7509ec574ebe01282625f5ee5705710debc
Size

72KB
Sample

241223-ynq2yszjew
MD5

90097835cb3f9cf1b5d8c3b434a087fd
SHA1

4bb9f66af319e86a35db3e7b142949028117fb6f
SHA256

833e2ba70345b042c903de3d02bbb7509ec574ebe01282625f5ee5705710debc
SHA512

c2f11d2fec194779fcaaaffd4f3720f89775ab9793c5bc77ecff33064f1b3672d7c3548c93f942891f90eca1b767f37336aa2534e4b73be558cb99efee6bba75
SSDEEP

768:C0Zzo2xDoZm3DAZvExxyl5FHupK5YVNfDi9nk0mrxae9R5UT6Arws+Od2iN:1Z0iAZUx86UY3Di91md79R5m6Aw2d2i

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

112.78.142.170:80

178.128.14.92:8080

178.238.232.46:443

185.142.236.163:443

192.210.217.94:8080

192.241.220.183:8080

105.209.235.113:8080

182.187.139.200:8080

188.0.135.237:80

201.213.177.139:80

31.146.61.34:80

202.5.47.71:80

81.17.93.134:80

192.163.221.191:8080

97.104.107.190:80

201.235.10.215:80

181.114.114.203:80

51.38.201.19:7080

46.32.229.152:8080

177.144.130.105:443

rsa_pubkey.plain

Targets

- Target
  
  JaffaCakes118_833e2ba70345b042c903de3d02bbb7509ec574ebe01282625f5ee5705710debc
- Size
  
  72KB
- MD5
  
  90097835cb3f9cf1b5d8c3b434a087fd
- SHA1
  
  4bb9f66af319e86a35db3e7b142949028117fb6f
- SHA256
  
  833e2ba70345b042c903de3d02bbb7509ec574ebe01282625f5ee5705710debc
- SHA512
  
  c2f11d2fec194779fcaaaffd4f3720f89775ab9793c5bc77ecff33064f1b3672d7c3548c93f942891f90eca1b767f37336aa2534e4b73be558cb99efee6bba75
- SSDEEP
  
  768:C0Zzo2xDoZm3DAZvExxyl5FHupK5YVNfDi9nk0mrxae9R5UT6Arws+Od2iN:1Z0iAZUx86UY3Di91md79R5m6Aw2d2i
Score

10^/10

emotet epoch3 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2