General

  • Target

    e2a97ae948e43f6764f05c9380e112de_JaffaCakes118

  • Size

    348KB

  • Sample

    240406-qx9xesbe6x

  • MD5

    e2a97ae948e43f6764f05c9380e112de

  • SHA1

    b64a097b56d84ca8e467f83eb379236531cfda43

  • SHA256

    b00a2c2d8c7e94de2511d8a04d8c147bca3b1fff6f7945f70512ffb2f926e037

  • SHA512

    dd5f936dc715bff3e66e80f50fff1c60a23b6a0b28d421adbda1968402e634acf7cdec2e36ed39a3ae1fd375ea4373fbf64693b4c8aa2878653f401f26ad216c

  • SSDEEP

    3072:5a99Ky1S0SD8MHjO73Ba01/H/7FlwZ2RJJBvX+WUEAQbb:5aGy1nS8MHi7xai73JtkWUEAKb

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2


rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks