Overview

overview

10

Static

static

3

f8e8dfd09f...18.exe

windows7-x64

10

f8e8dfd09f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8e8dfd09f2218f3df7b2ddcb7c256d7_JaffaCakes118

  • Size

    368KB

  • Sample

    240418-2m6b2aha28

  • MD5

    f8e8dfd09f2218f3df7b2ddcb7c256d7

  • SHA1

    c1f150ecc2223d0c448f1e36040873f94d5cb30b

  • SHA256

    bf9041e81a2ba70bdba75b83186b826931a9e9a825a350cb80dafdde06efae83

  • SHA512

    e5873697ae9cd7cb99cf375e8acf68baaed794a326c2803cad8551a72a88176c9be6f7384c3a0be4bdcb31791176983979db58854b2e1a9fdc4fdca86ccb04ed

  • SSDEEP

    6144:8pNhFtYtpGQddLK3FGpMhRWYzyZfaDBZtMXYtJ02TjL+e9k9+:CN6GQdoFM2Jy2nXLt9kE

Score
10/10
emotetepoch3bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.38.252.45:443

105.225.77.21:80

181.167.35.84:80

164.68.115.146:8080

5.189.148.98:8080

46.105.128.215:8080

69.30.205.162:7080

190.161.67.63:80

81.82.247.216:80

72.69.99.47:80

172.90.70.168:443

91.117.31.181:80

200.71.112.158:53

51.77.113.97:8080

190.101.87.170:80

96.234.38.186:8080

190.146.14.143:443

86.70.224.211:80

88.247.26.78:80

175.103.239.50:80
rsa_pubkey.plain

Targets

    • Target

      f8e8dfd09f2218f3df7b2ddcb7c256d7_JaffaCakes118

    • Size

      368KB

    • MD5

      f8e8dfd09f2218f3df7b2ddcb7c256d7

    • SHA1

      c1f150ecc2223d0c448f1e36040873f94d5cb30b

    • SHA256

      bf9041e81a2ba70bdba75b83186b826931a9e9a825a350cb80dafdde06efae83

    • SHA512

      e5873697ae9cd7cb99cf375e8acf68baaed794a326c2803cad8551a72a88176c9be6f7384c3a0be4bdcb31791176983979db58854b2e1a9fdc4fdca86ccb04ed

    • SSDEEP

      6144:8pNhFtYtpGQddLK3FGpMhRWYzyZfaDBZtMXYtJ02TjL+e9k9+:CN6GQdoFM2Jy2nXLt9kE

    Score
    10/10
    emotetepoch3bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks