General

  • Target

    19e04ede9a9657c6b6a984150a226923_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240506-anq5ysag21

  • MD5

    19e04ede9a9657c6b6a984150a226923

  • SHA1

    fe121bb0b2a9c3da49a39ba9a99061b715dafc74

  • SHA256

    d4dfb771a01eff68343bcafb01614a72d294c80a70c5eaddf300b0b0ad5d253f

  • SHA512

    a26e48c284a885d6de6c0f24cd5a20a22e41fe40a519c248e3197d607f9c95cad7c1b918346f5a77920f3e64c054458c95d8d4e2f020a6a6beb538b077661f8a

  • SSDEEP

    24576:R825Kz3iScbWjRZ0L006Dk/mZfUanuoUSyetjIJRWbVX8UKzpr8enO6w:TM3eonpQ/mpvuvSye9IObp89prM6

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

91.220.131.59:50003

91.220.131.59:50004

Attributes
  • service_name

    Enterprise Mailing Service

Targets

    • Target

      19e04ede9a9657c6b6a984150a226923_JaffaCakes118

    • Size

      1.9MB

    • MD5

      19e04ede9a9657c6b6a984150a226923

    • SHA1

      fe121bb0b2a9c3da49a39ba9a99061b715dafc74

    • SHA256

      d4dfb771a01eff68343bcafb01614a72d294c80a70c5eaddf300b0b0ad5d253f

    • SHA512

      a26e48c284a885d6de6c0f24cd5a20a22e41fe40a519c248e3197d607f9c95cad7c1b918346f5a77920f3e64c054458c95d8d4e2f020a6a6beb538b077661f8a

    • SSDEEP

      24576:R825Kz3iScbWjRZ0L006Dk/mZfUanuoUSyetjIJRWbVX8UKzpr8enO6w:TM3eonpQ/mpvuvSye9IObp89prM6

    • SendSafe

      SendSafe is a notorious spam tool which then turned into spam botnet.

    • SendSafe payload

MITRE ATT&CK Matrix

Tasks