Overview

overview

10

Static

static

3

20c91b6035...18.exe

windows7-x64

10

20c91b6035...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/05/2024, 14:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    20c91b6035298f2add0c2b0a5151cf42_JaffaCakes118.exe

  • Size

    112KB

  • MD5

    20c91b6035298f2add0c2b0a5151cf42

  • SHA1

    502329709ea04e86a536235b128538f11bbc07ee

  • SHA256

    2a9577b9e974148ad1257b46354ae2fed7e42061286aa15f4dff91fe0a8feee3

  • SHA512

    d2a254d3ffd502aeac18386c94f8fa587f3abf7a43bdf7c5328bba1f8fc18a642d0fdfa071c5958de39905b16a09f68ca48f3aaf4606f981090de048c0438c32

  • SSDEEP

    1536:mRNW04otWYPMRoUtTGCQxvEBN7KyXA3Ygi/xzmNubly7L3RhCs:17oE/RoUtyCQxvEiISi5JIL3RhD

Score
10/10
emotetepoch3bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.192.39.136:80

5.189.168.53:8080

162.241.41.111:7080

190.85.46.52:7080

190.190.15.20:80

181.95.133.104:80

41.212.89.128:80

115.176.16.221:80

143.95.101.72:8080

75.127.14.170:8080

116.202.10.123:8080

74.208.173.91:8080

103.93.220.182:80

50.116.78.109:8080

67.121.104.51:20

180.26.62.115:443

139.59.12.63:8080

76.18.16.210:80

113.161.148.81:80

5.79.70.250:8080
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet payload 3 IoCs

    Detects Emotet payload in memory.

    trojanbanker
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20c91b6035298f2add0c2b0a5151cf42_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20c91b6035298f2add0c2b0a5151cf42_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2956

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2956-0-0x00000000001D0000-0x00000000001E2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2956-7-0x00000000001C0000-0x00000000001CF000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2956-4-0x00000000001F0000-0x0000000000200000-memory.dmp

          Filesize

          64KB

          Download