General

  • Target: 12e98da1dbc3bc92cab664c2e149f400_JaffaCakes118
  • Size: 652KB
  • Sample: 240504-qlbkgshh87
  • MD5: 12e98da1dbc3bc92cab664c2e149f400
  • SHA1: 95a32a5161a68f398137a9208f6a1032c3e9b3dc
  • SHA256: 16947a6d048e41da2f818f75f958e61c77e7e15f612e2091a086b6298914ed8c
  • SHA512: 9f409f612bb0805b9fb4af3cf6bfdd09534710245a60bcd7b7135fecdd879de6b53cb3ad0eef9a03eb27f382ad2a5ebb9c25d2c994d87171c28d5b770b21d675
  • SSDEEP: 12288:3VQmogCegJXrPVats8huIgX8lysnHJhjROyxpVis1LLD:3VSgCFlhosXsAsphjROyMs

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch1
  • C2:


  • rsa_pubkey.plain

Targets

    • Emotet: Emotet is a trojan that is primarily spread through spam emails.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks