emotet

General

Target

2025-02-21_4ae63b60b3e30a34274b020a2a615d7e_icedid
Size

327KB
Sample

250221-vzc3pawqbl
MD5

4ae63b60b3e30a34274b020a2a615d7e
SHA1

b221ba72200d6299a7e3db8ce2c60168aa848b21
SHA256

4ab427a51e4ca4dea1b570b71a70be365b60f3e8ba06bf50e6d91005c18eb2f4
SHA512

0210f9690a9fc425b7c67ba96fd50ba40bcace55bdf78c663ba0bd5ed638b1e73f8277ce2ea596efc71734847bd52943526461ce08a0911a29c9e7854cac5765
SSDEEP

6144:9BZ2wMIvZsPPiNmauX3ZzHi1HHxTg3VOYqn2sVETCO2QA+xJX7G:p6Pigji1HHtgfPsV8J/i

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

185.215.227.107:443

51.38.124.206:80

38.88.126.202:8080

54.37.42.48:8080

172.104.169.32:8080

68.183.190.199:8080

187.162.248.237:80

82.76.111.249:443

184.66.18.83:80

190.6.193.152:8080

77.238.212.227:80

199.203.62.165:80

188.2.217.94:80

185.94.252.12:80

178.250.54.208:8080

206.15.68.237:443

65.36.62.20:80

216.47.196.104:80

219.92.8.17:8080

213.60.96.117:80

rsa_pubkey.plain

1
-----BEGIN PUBLIC KEY-----
2
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
3
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
4
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
5
-----END PUBLIC KEY-----

Targets

- Target
  
  2025-02-21_4ae63b60b3e30a34274b020a2a615d7e_icedid
- Size
  
  327KB
- MD5
  
  4ae63b60b3e30a34274b020a2a615d7e
- SHA1
  
  b221ba72200d6299a7e3db8ce2c60168aa848b21
- SHA256
  
  4ab427a51e4ca4dea1b570b71a70be365b60f3e8ba06bf50e6d91005c18eb2f4
- SHA512
  
  0210f9690a9fc425b7c67ba96fd50ba40bcace55bdf78c663ba0bd5ed638b1e73f8277ce2ea596efc71734847bd52943526461ce08a0911a29c9e7854cac5765
- SSDEEP
  
  6144:9BZ2wMIvZsPPiNmauX3ZzHi1HHxTg3VOYqn2sVETCO2QA+xJX7G:p6Pigji1HHtgfPsV8J/i
Score

10^/10

emotet epoch1 banker discovery trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.