emotet

General

Target

2025-02-27_17a566a279a3d4fa681b9fe63e83a365_icedid_ramnit
Size

384KB
Sample

250227-g8kl8sytey
MD5

17a566a279a3d4fa681b9fe63e83a365
SHA1

4f5cfd51ac38ecbf000934378021301416bec5d4
SHA256

02c545872baa3b65bcc706534602de4872a008775f9e988cc0d39bfb8609cdb7
SHA512

c4838630c3950824f550dd4237d6d123424d7e25ae740dbf11f1b33542645f585cdbca1ce0b7a63e9a77cc322c68c213665a75e5b79bbe17eff1ad4dad464a6c
SSDEEP

6144:sD3MtP2xXEeeWFEuC3h93Fx8u2qEuIE2T9Iyo/Q0VNhEeGbfUTpYDDmu/+3fbB:sJxaUCh93FxmuIE2Vo/tdG+pG/YB

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

219.92.13.25:80

91.236.4.234:443

192.241.143.52:8080

186.3.232.68:80

192.241.146.84:8080

12.162.84.2:8080

50.28.51.143:8080

221.133.46.86:443

185.94.252.27:443

114.109.179.60:80

186.33.141.88:80

172.104.169.32:8080

184.57.130.8:80

177.139.131.143:443

77.55.211.77:8080

81.169.202.3:443

72.47.248.48:7080

212.71.237.140:8080

190.229.148.144:80

178.79.163.131:8080

rsa_pubkey.plain

Targets

- Target
  
  2025-02-27_17a566a279a3d4fa681b9fe63e83a365_icedid_ramnit
- Size
  
  384KB
- MD5
  
  17a566a279a3d4fa681b9fe63e83a365
- SHA1
  
  4f5cfd51ac38ecbf000934378021301416bec5d4
- SHA256
  
  02c545872baa3b65bcc706534602de4872a008775f9e988cc0d39bfb8609cdb7
- SHA512
  
  c4838630c3950824f550dd4237d6d123424d7e25ae740dbf11f1b33542645f585cdbca1ce0b7a63e9a77cc322c68c213665a75e5b79bbe17eff1ad4dad464a6c
- SSDEEP
  
  6144:sD3MtP2xXEeeWFEuC3h93Fx8u2qEuIE2T9Iyo/Q0VNhEeGbfUTpYDDmu/+3fbB:sJxaUCh93FxmuIE2Vo/tdG+pG/YB
Score

10^/10

emotet ramnit epoch1 banker discovery spyware stealer trojan upx worm
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2