emotet

General

Target

JaffaCakes118_15a3e524fdb470ada7c42798dbb3f9869a157402b9093873f1793d01e26fc6b9
Size

219KB
Sample

241230-xkts1atncr
MD5

306db74260d865944b41f4bef90c65cc
SHA1

6d36ec1151ccca145ed3f0443ec6a5d925f91600
SHA256

15a3e524fdb470ada7c42798dbb3f9869a157402b9093873f1793d01e26fc6b9
SHA512

79b813b32a27a0ddfae20dcc639ef9870dc3cadf8f9ba8c1be19e826ae1b0749407d03c3ce54c8370f228d2ced18be98c9da9362d747e42454eed89a82ebe250
SSDEEP

6144:n2OAxKIiawQSu3IF9UtNRW9l1QAVzEAvv2OqsPa4HT0i4LFMEJf8Me5w6B:nvIiawQSu3IF9UtNRW9l1QAVzEU+OZ3D

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

67.163.161.107:80

107.170.146.252:8080

173.212.214.235:7080

167.114.153.111:8080

185.94.252.104:443

110.142.236.207:80

194.187.133.160:443

218.147.193.146:80

172.104.97.173:8080

216.139.123.119:80

50.91.114.38:80

202.134.4.211:8080

113.61.66.94:80

139.99.158.11:443

62.171.142.179:8080

37.139.21.175:8080

190.108.228.27:443

94.23.237.171:443

154.91.33.137:443

201.241.127.190:80

rsa_pubkey.plain

Targets

- Target
  
  JaffaCakes118_15a3e524fdb470ada7c42798dbb3f9869a157402b9093873f1793d01e26fc6b9
- Size
  
  219KB
- MD5
  
  306db74260d865944b41f4bef90c65cc
- SHA1
  
  6d36ec1151ccca145ed3f0443ec6a5d925f91600
- SHA256
  
  15a3e524fdb470ada7c42798dbb3f9869a157402b9093873f1793d01e26fc6b9
- SHA512
  
  79b813b32a27a0ddfae20dcc639ef9870dc3cadf8f9ba8c1be19e826ae1b0749407d03c3ce54c8370f228d2ced18be98c9da9362d747e42454eed89a82ebe250
- SSDEEP
  
  6144:n2OAxKIiawQSu3IF9UtNRW9l1QAVzEAvv2OqsPa4HT0i4LFMEJf8Me5w6B:nvIiawQSu3IF9UtNRW9l1QAVzEU+OZ3D
Score

10^/10

emotet epoch2 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Emotet payload
  Detects Emotet payload in memory.
  trojan banker
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Emotet payload

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2