General

  • Target

    26f3743e6b04885aad831d477591498e_JaffaCakes118

  • Size

    328KB

  • Sample

    240508-1zbshshh8t

  • MD5

    26f3743e6b04885aad831d477591498e

  • SHA1

    408cc4cca98ab98f0c7e313f9dc13f509f20e9df

  • SHA256

    5b38bd8e910fea2c516c8692c0448f278947d4f2b1faeddcc9eaf7b4c890d981

  • SHA512

    bb2bcb164be61adbfc99934d45a52cdbd5cbfcf0b0e62f574679d8de103db6d7e77381363f32ce1885ea1851c68c22ada1b3c3a27644f910832838993451126d

  • SSDEEP

    6144:LYp4zNdyu3d7kZmMJNT/iRWcndATaW8IfsMnJ4vp:Lnz3yskZ7nr2WU

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2

    190.56.255.118:80
    139.130.241.252:443
    58.171.42.66:8080
    108.179.206.219:8080
    59.110.18.236:443
    45.56.88.91:443
    206.81.10.215:8080
    167.71.10.37:8080
    173.70.81.77:80
    118.201.230.249:80
    159.65.25.128:8080
    59.103.164.174:80
    191.92.209.110:7080
    192.241.255.77:8080
    181.31.213.158:8080
    190.53.135.159:21
    107.170.24.125:8080
    201.184.105.242:443
    183.102.238.69:465
    190.108.228.48:990

  • rsa_pubkey.plain
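The extracted C2 list above is the most directly actionable part of this report: twenty hard-coded IP:port pairs, several on ports that are not ordinary web ports (21, 465, 990, 7080) even though Emotet's C2 protocol is HTTP over them. The block below is an added example, not part of the sandbox report, showing how a responder would turn that list into a sweep over firewall logs and a set of Suricata rules. The log lines are constructed for illustration, the key=value log format and the SID range 9000001+ are assumptions, and treating only 80/443/8080 as "standard" web ports is a heuristic choice, not something the report states.

```python
import ipaddress
import re

# C2 endpoints as listed in the report's extracted Emotet (Epoch2) config.
C2_ENDPOINTS = """
190.56.255.118:80
139.130.241.252:443
58.171.42.66:8080
108.179.206.219:8080
59.110.18.236:443
45.56.88.91:443
206.81.10.215:8080
167.71.10.37:8080
173.70.81.77:80
118.201.230.249:80
159.65.25.128:8080
59.103.164.174:80
191.92.209.110:7080
192.241.255.77:8080
181.31.213.158:8080
190.53.135.159:21
107.170.24.125:8080
201.184.105.242:443
183.102.238.69:465
190.108.228.48:990
""".split()

# Heuristic (assumption): ports a proxy normally sees web traffic on. Anything
# else in the config is worth a separate look, since Emotet speaks HTTP over it anyway.
STANDARD_WEB_PORTS = {80, 443, 8080}

# Constructed firewall log lines (not from the report), key=value style (assumed format).
SAMPLE_LOGS = [
    "2024-05-08T10:01:02Z src=10.0.0.5 dst=190.53.135.159 dport=21 proto=tcp action=allow",
    "2024-05-08T10:01:05Z src=10.0.0.5 dst=93.184.216.34 dport=443 proto=tcp action=allow",
    "2024-05-08T10:02:11Z src=10.0.0.9 dst=59.110.18.236 dport=8080 proto=tcp action=allow",
    "2024-05-08T10:02:40Z src=10.0.0.7 dst=167.71.10.37 dport=8080 proto=tcp action=deny",
    "malformed line with no fields",
]

LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def parse_c2(entries):
    """Turn 'ip:port' strings into a set of (ip, port); rejects malformed entries."""
    c2 = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"bad C2 entry: {entry!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on non-IP text
        c2.add((str(ip), int(port)))
    return c2


def nonstandard_ports(c2, standard=STANDARD_WEB_PORTS):
    """Ports in the config that are not ordinary web ports."""
    return sorted({port for _, port in c2} - standard)


def find_c2_hits(log_lines, c2):
    """Match log lines against the C2 set.

    'exact'   = destination IP and port both match a config entry.
    'ip-only' = IP matches but the port differs; operators rotate ports, so this
                is lower confidence but still worth triage.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m is None:
            continue  # unparseable line: skip it explicitly rather than mis-match
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in c2:
            hits.append({"src": m["src"], "dst": dst, "dport": dport, "confidence": "exact"})
        elif dst in c2_ips:
            hits.append({"src": m["src"], "dst": dst, "dport": dport, "confidence": "ip-only"})
    return hits


def to_suricata_rules(c2, sid_base=9000001):
    """One Suricata/Snort-style rule per C2 endpoint; sid_base is an assumed local SID range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch2 C2 {ip}:{port}"; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(C2_ENDPOINTS)
    print(f"{len(c2)} C2 endpoints; non-standard ports: {nonstandard_ports(c2)}")
    for hit in find_c2_hits(SAMPLE_LOGS, c2):
        print(hit)
    print("\n".join(to_suricata_rules(c2)[:3]))
```

The ip-only match tier matters for Emotet specifically: the botnet's C2 tiers were re-seeded frequently, so a host talking to a listed IP on an unlisted port is more likely a rotated C2 than a coincidence, and the non-standard ports (FTP, SMTPS, FTPS and 7080) are a reason to also alert on HTTP seen over those ports regardless of destination.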

Targets

    • Emotet

      Emotet is a modular trojan, originally a banking trojan and later used chiefly as a loader for other malware, that is primarily spread through malicious spam (malspam) emails.

    • Drops file in System32 directory
