General

  • Target

    156070f95796ae9b57c1a56dd7d77873_JaffaCakes118

  • Size

    896KB

  • Sample

    240505-bw7cksdf24

  • MD5

    156070f95796ae9b57c1a56dd7d77873

  • SHA1

    f2fe34a4dd34b96535597b466344c3e8c9625eda

  • SHA256

    d094c77d908b6d6c55d133737ba7e1ff34c0bf240b28d6a5188c6fa9477bc288

  • SHA512

    1bfdfe3090630e6ce37c18069beadb96baf5c6bb32836cd92c017fa2fc49e760473bd1dca8bc2373f5b5d994c2ed324a72e50b18206cebc2f51088afb311f082

  • SSDEEP

    12288:bZlyqwEmkmauSVd2R3R0EcX0euXBzsBsU3z4ZuF:tm6whk90BDyQ

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2


rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks