emotet

General

Target

2025-03-07_16f607f50c71eef0d907a0ddef51485e_icedid_ramnit
Size

340KB
Sample

250307-eblrxstqw2
MD5

16f607f50c71eef0d907a0ddef51485e
SHA1

de1506f087ff03dab72c0a68157c5e9fadbf53e2
SHA256

49eb3d77a83f3494b5933b60ce11ab6075b8d6a2674419d0373e4db4b393d6f4
SHA512

c1bcb48f1a72eb4dba8c5a8a4e59a5110eee13be08851d3939274d48f93e6b8a3259cd1b1f56601f45ad22b3917a69e7e126092e95a50b540687ddff7f21e617
SSDEEP

6144:u5FFvya+l8bhG88U5Q4BfbQg7Iuxdu0ZeGbfUTpYDDmu/+3fb7:sbya+l8b/5lEg7PvAG+pG/Y7

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

219.92.13.25:80

91.236.4.234:443

192.241.143.52:8080

186.3.232.68:80

192.241.146.84:8080

12.162.84.2:8080

50.28.51.143:8080

221.133.46.86:443

185.94.252.27:443

114.109.179.60:80

186.33.141.88:80

172.104.169.32:8080

184.57.130.8:80

177.139.131.143:443

77.55.211.77:8080

81.169.202.3:443

72.47.248.48:7080

212.71.237.140:8080

190.229.148.144:80

178.79.163.131:8080

rsa_pubkey.plain

Targets

- Target
  
  2025-03-07_16f607f50c71eef0d907a0ddef51485e_icedid_ramnit
- Size
  
  340KB
- MD5
  
  16f607f50c71eef0d907a0ddef51485e
- SHA1
  
  de1506f087ff03dab72c0a68157c5e9fadbf53e2
- SHA256
  
  49eb3d77a83f3494b5933b60ce11ab6075b8d6a2674419d0373e4db4b393d6f4
- SHA512
  
  c1bcb48f1a72eb4dba8c5a8a4e59a5110eee13be08851d3939274d48f93e6b8a3259cd1b1f56601f45ad22b3917a69e7e126092e95a50b540687ddff7f21e617
- SSDEEP
  
  6144:u5FFvya+l8bhG88U5Q4BfbQg7Iuxdu0ZeGbfUTpYDDmu/+3fb7:sbya+l8b/5lEg7PvAG+pG/Y7
Score

10^/10

emotet ramnit epoch1 banker discovery spyware stealer trojan upx worm
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2