General

  • Target

    1311d33a523c077151666bdd40c58ca5_JaffaCakes118

  • Size

    145KB

  • Sample

    240504-rgz8qaga8y

  • MD5

    1311d33a523c077151666bdd40c58ca5

  • SHA1

    d5e03c09b38dddbc5c3cfa2056fde1dc1482949e

  • SHA256

    0d11d1a7e8211dd0f2f17d8167ac2d7409b01dedbdffd15ef0a2d4698216cbdc

  • SHA512

    8d736bb0f7be0e968d6bfe7e347ba552c46a498a1642de8c43ac605319cc82cc124badbc38e68832e0bb5657c24137d5b4246b144a538aa3e1597cd0daa8c043

  • SSDEEP

    3072:sy2Cvy3CeODuKqicvT6jTPsjuHYAPmycOLb3BrzrwUO50ubTQLB8tu3M6N2:p8wyKqdv+HsAUOLbdw+ubUic3M6

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch1

  • C2

    91.105.94.200:80
    51.38.124.206:80
    38.88.126.202:8080
    54.37.42.48:8080
    189.2.177.210:443
    181.30.61.163:443
    185.178.10.77:80
    199.203.62.165:80
    177.73.0.98:443
    87.106.46.107:8080
    5.196.35.138:7080
    5.189.178.202:8080
    185.183.16.47:80
    78.249.119.122:80
    191.182.6.118:80
    96.227.52.8:443
    186.103.141.250:443
    50.28.51.143:8080
    111.67.12.221:8080
    50.121.220.50:80

  • rsa_pubkey.plain
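The extracted C2 list is the part of this report a defender acts on. As an added example that is not part of the sandbox report, the Python below validates the ip:port entries, matches them against firewall-style log lines, and emits Suricata rules for them. Only the twenty ip:port entries come from the report; the log line format, the sample log lines (constructed, using RFC 1918 and documentation addresses) and the Suricata SID range are assumptions made for the example.

```python
"""
Added example, not part of the sandbox report: turn the extracted Emotet
Epoch1 C2 list into indicators, match them against log lines, and emit
Suricata rules. Only the ip:port entries come from the report; the log
format, the sample log lines and the SID range are assumptions.
"""
import ipaddress
import re

# C2 entries exactly as extracted from the report's Malware Config section.
EMOTET_EPOCH1_C2 = """
91.105.94.200:80
51.38.124.206:80
38.88.126.202:8080
54.37.42.48:8080
189.2.177.210:443
181.30.61.163:443
185.178.10.77:80
199.203.62.165:80
177.73.0.98:443
87.106.46.107:8080
5.196.35.138:7080
5.189.178.202:8080
185.183.16.47:80
78.249.119.122:80
191.182.6.118:80
96.227.52.8:443
186.103.141.250:443
50.28.51.143:8080
111.67.12.221:8080
50.121.220.50:80
""".split()


def parse_c2(entries):
    """Validate each 'ip:port' entry and return a set of (ip, port) tuples.

    Malformed entries are skipped rather than raising, so a config dump with
    one bad line still yields the usable indicators.
    """
    indicators = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            continue
        try:
            ip = ipaddress.ip_address(host)
            port_num = int(port)
        except ValueError:
            continue
        if 0 < port_num < 65536:
            indicators.add((str(ip), port_num))
    return indicators


# Assumed log format for the example: "<timestamp> <src> -> <dst>:<port> ...".
# Real firewall/proxy exports differ; only this regex needs to change.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)

# Constructed sample log lines (not from the report). The last line reaches a
# C2 address on a port the config does not list: exact matching ignores it,
# IP-only matching reports it.
SAMPLE_LOGS = [
    "2024-05-04T10:12:01Z 10.0.0.15 -> 91.105.94.200:80 TCP SYN",
    "2024-05-04T10:12:03Z 10.0.0.15 -> 203.0.113.5:443 TCP SYN",
    "2024-05-04T10:12:05Z 10.0.0.22 -> 189.2.177.210:443 TCP SYN",
    "2024-05-04T10:12:07Z 10.0.0.22 -> 189.2.177.210:8080 TCP SYN",
]


def match_logs(lines, indicators, ip_only=False):
    """Return (ts, src, dst, port) for each line whose destination is a C2.

    ip_only=True also flags traffic to a C2 address on an unlisted port;
    noisier, but it survives port changes between config revisions.
    """
    c2_ips = {ip for ip, _ in indicators}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        dst, port = m["dst"], int(m["port"])
        if (dst, port) in indicators or (ip_only and dst in c2_ips):
            hits.append((m["ts"], m["src"], dst, port))
    return hits


def suricata_rules(indicators, sid_base=9000000, msg="Emotet Epoch1 C2"):
    """Emit one Suricata rule per (ip, port). sid_base is an assumed local range."""
    rules = []
    for n, (ip, port) in enumerate(sorted(indicators)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{msg} {ip}:{port}"; flow:to_server; '
            f"classtype:trojan-activity; sid:{sid_base + n}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(EMOTET_EPOCH1_C2)
    for hit in match_logs(SAMPLE_LOGS, c2, ip_only=True):
        print("C2 contact:", hit)
    print("\n".join(suricata_rules(c2)))
```

Exact (ip, port) matching is the right default for blocking; the ip_only mode is for hunting, since Emotet configs rotate ports across revisions while the addresses often persist for days. Treat the rules as time-limited: C2 hosts in Emotet configs are mostly compromised third-party servers that get cleaned up, so retire indicators rather than letting them accumulate.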

Targets

    • Target

      1311d33a523c077151666bdd40c58ca5_JaffaCakes118

    • Size

      145KB

    • MD5

      1311d33a523c077151666bdd40c58ca5

    • SHA1

      d5e03c09b38dddbc5c3cfa2056fde1dc1482949e

    • SHA256

      0d11d1a7e8211dd0f2f17d8167ac2d7409b01dedbdffd15ef0a2d4698216cbdc

    • SHA512

      8d736bb0f7be0e968d6bfe7e347ba552c46a498a1642de8c43ac605319cc82cc124badbc38e68832e0bb5657c24137d5b4246b144a538aa3e1597cd0daa8c043

    • SSDEEP

      3072:sy2Cvy3CeODuKqicvT6jTPsjuHYAPmycOLb3BrzrwUO50ubTQLB8tu3M6N2:p8wyKqdv+HsAUOLbdw+ubUic3M6

    • Emotet

      Emotet is a modular trojan and malware loader that is primarily spread through spam emails carrying malicious attachments or links.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks