emotet

General

Target

2025-02-27_de5fec8605a9a097c4c4924001c07c3b_icedid_ramnit
Size

388KB
Sample

250227-h7jh8a1nt8
MD5

de5fec8605a9a097c4c4924001c07c3b
SHA1

cf994cded4b55c27b8ee6e22ff02ee0276bdc5c7
SHA256

501d2c6c805985cf0c636469c9a18648431d069c6815ab7d94fd037c39b5ed31
SHA512

d7727d59f6c9836d365d1bbfe147e329d939786269d54c0dd25f7f8ce6264796259a1bfd7e53f49198b34a3105164a884099eadaaf39a11bf91582e0476bf401
SSDEEP

6144:PBsIbV9lPUQhC2H+R1gFm0zBT+kjV1oR1eGbfUTpYDDmu/+3fbF:WQV9lMQH+R1z0Vv1oR4G+pG/YF

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

79.7.158.208:80

46.105.131.87:80

209.141.54.221:8080

78.189.165.52:8080

37.139.21.175:8080

98.15.140.226:80

103.86.49.11:8080

41.60.200.34:80

190.55.181.54:443

120.151.135.224:80

162.154.38.103:80

60.130.173.117:80

5.196.74.210:8080

46.105.131.79:8080

168.235.67.138:7080

24.1.189.87:8080

95.213.236.64:8080

74.208.45.104:8080

41.215.92.157:80

87.106.139.101:8080

rsa_pubkey.plain

Targets

- Target
  
  2025-02-27_de5fec8605a9a097c4c4924001c07c3b_icedid_ramnit
- Size
  
  388KB
- MD5
  
  de5fec8605a9a097c4c4924001c07c3b
- SHA1
  
  cf994cded4b55c27b8ee6e22ff02ee0276bdc5c7
- SHA256
  
  501d2c6c805985cf0c636469c9a18648431d069c6815ab7d94fd037c39b5ed31
- SHA512
  
  d7727d59f6c9836d365d1bbfe147e329d939786269d54c0dd25f7f8ce6264796259a1bfd7e53f49198b34a3105164a884099eadaaf39a11bf91582e0476bf401
- SSDEEP
  
  6144:PBsIbV9lPUQhC2H+R1gFm0zBT+kjV1oR1eGbfUTpYDDmu/+3fbF:WQV9lMQH+R1z0Vv1oR4G+pG/YF
Score

10^/10

emotet ramnit epoch2 banker discovery spyware stealer trojan upx worm
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2