General

  • Target: 0806d9a9fab6d71a93dfd90d3c039670_JaffaCakes118
  • Size: 172KB
  • Sample: 240429-s76c4aef5x
  • MD5: 0806d9a9fab6d71a93dfd90d3c039670
  • SHA1: 19eb4ed34bf88089db10b1b7b5dfb21965616551
  • SHA256: f500e72660550ee04ccf59d48be5755408724a309ab359d3bff064d9da5ab66c
  • SHA512: faa4632b59a0c95a3acbcf5553ead1b23b5fbcdab66b61c8656a8a7739dd8b820119d84d4826575a0c681f596d0f1d614e4a3e37d0941b78358e87549dc4818c
  • SSDEEP: 1536:SvrrLwNwONkX8CsVTC/8z/20X6AV8EiOpOACFsyfP292RiWV0IFT5mDzsoErpYj/:irLsYsL9C/sjzTT/shO9wT3F96OvOQ6

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch1
  • C2:
    82.230.1.24:80
    51.38.124.206:80
    82.196.15.205:8080
    38.88.126.202:8080
    61.197.92.216:80
    217.199.160.224:7080
    61.92.159.208:8080
    186.103.141.250:443
    104.131.41.185:8080
    170.81.48.2:80
    50.121.220.50:80
    190.195.129.227:8090
    187.162.248.237:80
    172.104.169.32:8080
    199.203.62.165:80
    45.161.242.102:80
    45.46.37.97:80
    96.227.52.8:443
    65.36.62.20:80
    220.109.145.69:80
  • rsa_pubkey.plain

Targets

    • Target: 0806d9a9fab6d71a93dfd90d3c039670_JaffaCakes118
    • Size: 172KB
    • MD5: 0806d9a9fab6d71a93dfd90d3c039670
    • SHA1: 19eb4ed34bf88089db10b1b7b5dfb21965616551
    • SHA256: f500e72660550ee04ccf59d48be5755408724a309ab359d3bff064d9da5ab66c
    • SHA512: faa4632b59a0c95a3acbcf5553ead1b23b5fbcdab66b61c8656a8a7739dd8b820119d84d4826575a0c681f596d0f1d614e4a3e37d0941b78358e87549dc4818c
    • SSDEEP: 1536:SvrrLwNwONkX8CsVTC/8z/20X6AV8EiOpOACFsyfP292RiWV0IFT5mDzsoErpYj/:irLsYsL9C/sjzTT/shO9wT3F96OvOQ6

    • Emotet
      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload
      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks