General

  • Target: 18e4c5db8de5cc5ef7c98aca08681e7d_JaffaCakes118
  • Size: 280KB
  • Sample: 240505-xkbmesaa8s
  • MD5: 18e4c5db8de5cc5ef7c98aca08681e7d
  • SHA1: a93d9390aeae6253b9f8ee3b88df3280a9e2b672
  • SHA256: 5bd879ee5ef8685989e9ea12fd7f48d8c44643e1a49f246c85c82a975680d9f6
  • SHA512: c0eb53ba017d40f6d8e4b6ab5f83b1a1692aad71ee99cae2eb75cadf854c436dd43beedde6e1ac643193c2c1deaf10cd93988eaa77f56958e18e5d3e95c665ab
  • SSDEEP: 6144:pZVatxXzZ9nHZHKqgTOFjVf3b8v8Y8p7k:0txXznVKsjVf40Pk

Malware Config

Extracted

Family: emotet

Botnet: Epoch2

C2


Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks