emotet

General

Target

JaffaCakes118_5d5076445b08e9a68653dcf8fe53c23439e45843f56c7d1eb1ab5426790e05a4
Size

184KB
Sample

241229-carwfayncq
MD5

cf6bcac50e02901d85de802d1a5f8b58
SHA1

8c56c8e4968b2176442ffd407f5f4b8621fb5f79
SHA256

5d5076445b08e9a68653dcf8fe53c23439e45843f56c7d1eb1ab5426790e05a4
SHA512

50f300b697d6bdb99d515ac0a76bbd1edef6d3f7a451dc5a2f8d6a5520322bb36c4f0329516f81224111db1046886329584799de5d108a8b068aa41348af877f
SSDEEP

3072:ppocVfb++Xuy7YXDxaOhlSNpkxno3mOuTb4vMDc3Ncg/5Z0dKekyOI:DDZ++eNTxyXkucbGMsGS5

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

207.144.103.227:80

94.76.247.61:8080

213.176.36.147:8080

186.103.141.250:443

82.76.111.249:443

172.104.169.32:8080

91.222.77.105:80

185.94.252.27:443

213.60.96.117:80

177.73.0.98:443

58.171.153.81:80

77.55.211.77:8080

143.0.87.101:80

170.81.48.2:80

80.249.176.206:80

114.109.179.60:80

82.196.15.205:8080

73.116.193.136:80

192.241.146.84:8080

5.196.35.138:7080

rsa_pubkey.plain

Targets

- Target
  
  JaffaCakes118_5d5076445b08e9a68653dcf8fe53c23439e45843f56c7d1eb1ab5426790e05a4
- Size
  
  184KB
- MD5
  
  cf6bcac50e02901d85de802d1a5f8b58
- SHA1
  
  8c56c8e4968b2176442ffd407f5f4b8621fb5f79
- SHA256
  
  5d5076445b08e9a68653dcf8fe53c23439e45843f56c7d1eb1ab5426790e05a4
- SHA512
  
  50f300b697d6bdb99d515ac0a76bbd1edef6d3f7a451dc5a2f8d6a5520322bb36c4f0329516f81224111db1046886329584799de5d108a8b068aa41348af877f
- SSDEEP
  
  3072:ppocVfb++Xuy7YXDxaOhlSNpkxno3mOuTb4vMDc3Ncg/5Z0dKekyOI:DDZ++eNTxyXkucbGMsGS5
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2