General

  • Target: 228391321bce25950d5af062aac3cb7d_JaffaCakes118

  • Size: 468KB

  • Sample: 240508-bd8spacg29

  • MD5: 228391321bce25950d5af062aac3cb7d

  • SHA1: 1d456411c13d66ff30eb79615c8d25a03dcd4630

  • SHA256: 8b53378aa6f2c8087c388c6f1ac9e269afeb18a569305879a688dde94011e980

  • SHA512: 877138885b80ca975f6a6b1469ac5c1d5fc2db307e6a67224ff9754c5cc9f3c40292a574409923e46b3d8e5ca6dd9857e31ffae276f2f912e38349f65ca8e0fc

  • SSDEEP: 6144:8YvDdRgjmaQGPPqc3gSBTB2wALIN2e/3xmU5uAtcjfYQW5Yaug++Jhw17hsY0C:dDPGac37YwAsNbdYYQo1osY0C

Malware Config

Extracted

  • Family: emotet

  • Botnet: Epoch2

  • C2:

    104.32.141.43:80
    104.156.59.7:8080
    120.138.30.150:8080
    139.59.67.118:443
    61.92.17.12:80
    103.86.49.11:8080
    174.45.13.118:80
    75.139.38.211:80
    104.131.11.150:443
    121.124.124.40:7080
    200.114.213.233:8080
    185.94.252.104:443
    181.169.34.190:80
    187.161.206.24:80
    93.147.212.206:80
    176.111.60.55:8080
    83.169.36.251:8080
    174.102.48.180:443
    24.179.13.119:80
    120.150.60.189:80

  • rsa_pubkey.plain

Targets

    • Target: 228391321bce25950d5af062aac3cb7d_JaffaCakes118


    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks