emotet

General

Target

2025-03-07_2755313b6cf970afacb7daad4402713f_icedid_ramnit
Size

435KB
Sample

250307-edmr1atq12
MD5

2755313b6cf970afacb7daad4402713f
SHA1

2d3ede84d180c3543f1433781066da2985cae310
SHA256

1a649271eeb4470353195f49e6726aafddddc9a7d2c37e4a408b72909abda373
SHA512

65ce4700b900b190ffd543b1df3b0b789056241618d44ddcc44520a1429051bd20a6de9818d0504d58e7468205f0dc5657cc3d5e35bfe75bc0d02f5b16e304f9
SSDEEP

12288:TRX3wK9rybO3AlLBeTWi+eO6e2GAnG+pG/Yk:TRX3wK9ruO3Alpi+eO6e25NgYk

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

219.92.13.25:80

91.236.4.234:443

192.241.143.52:8080

186.3.232.68:80

192.241.146.84:8080

12.162.84.2:8080

50.28.51.143:8080

221.133.46.86:443

185.94.252.27:443

114.109.179.60:80

186.33.141.88:80

172.104.169.32:8080

184.57.130.8:80

177.139.131.143:443

77.55.211.77:8080

81.169.202.3:443

72.47.248.48:7080

212.71.237.140:8080

190.229.148.144:80

178.79.163.131:8080

rsa_pubkey.plain

Targets

- Target
  
  2025-03-07_2755313b6cf970afacb7daad4402713f_icedid_ramnit
- Size
  
  435KB
- MD5
  
  2755313b6cf970afacb7daad4402713f
- SHA1
  
  2d3ede84d180c3543f1433781066da2985cae310
- SHA256
  
  1a649271eeb4470353195f49e6726aafddddc9a7d2c37e4a408b72909abda373
- SHA512
  
  65ce4700b900b190ffd543b1df3b0b789056241618d44ddcc44520a1429051bd20a6de9818d0504d58e7468205f0dc5657cc3d5e35bfe75bc0d02f5b16e304f9
- SSDEEP
  
  12288:TRX3wK9rybO3AlLBeTWi+eO6e2GAnG+pG/Yk:TRX3wK9ruO3Alpi+eO6e25NgYk
Score

10^/10

emotet ramnit epoch1 banker discovery spyware stealer trojan upx worm
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Emotet family
  emotet
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Emotet family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2