General

  • Target

    1880a72494233fc8cf703e4083d88444_JaffaCakes118

  • Size

    532KB

  • Sample

    240505-t5b7xafa2w

  • MD5

    1880a72494233fc8cf703e4083d88444

  • SHA1

    b60166a5ecc885bfb5499703f10a8ffe02330ef7

  • SHA256

    aef15cb2d8a55d05eaad934ed73489e6411562f279efeaf604fb63fc2b957c6a

  • SHA512

    f01a70ed0d02b99dadf3c658678aafc19acc894c2a454a3df426222b9a59d5d99f3fbf09dacebe4d7f653daa3025ef3cdc18176c784bac0e368fd026aae833e1

  • SSDEEP

    6144:1i3lLwdGzHnKSl+hwWu2e8ODcJ0Lv3paCgvgMdyv:1ewYzHKSRWdefDceId

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks