emotet | 24584511aa2b3923afe0e1178d166369_JaffaCakes118

General

Target

24584511aa2b3923afe0e1178d166369_JaffaCakes118
Size

57KB
MD5

24584511aa2b3923afe0e1178d166369
SHA1

0a2a5338f76da20f60bae0c1cdc0c676082f63a8
SHA256

eedb5f81d24875183bf372fe3e7f23d0390ae25ecdcb4e8529dbd72667c2df87
SHA512

b20f7f524a028b84ed3ffccc1b9a693deb4989137d0ce9f626819deadb69a8e7a8e390fe2486b602a97243e3a99703beadb0ed4b8d0e5c4cb880f03ebf369527
SSDEEP

1536:QG3AOeY7isrj3XckPBqkM8STvPvIYZ+d0Tdj1SboCfjc:5v7isPXckzSLQYZNhRUc

Score

10^/10

epoch3 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

222.239.249.166:443

217.26.163.82:7080

91.205.173.54:8080

163.172.97.112:8080

103.205.177.229:80

176.58.93.123:80

212.112.113.235:80

201.196.15.79:990

193.34.144.138:8080

172.104.70.207:8080

104.238.80.237:8080

181.44.166.242:80

119.159.150.176:443

5.189.148.98:8080

139.162.185.116:443

190.189.79.73:80

78.46.87.133:8080

192.241.220.183:8080

23.253.207.142:8080

216.70.88.55:8080

rsa_pubkey.plain

Signatures

Emotet family
emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24584511aa2b3923afe0e1178d166369_JaffaCakes118

Files

24584511aa2b3923afe0e1178d166369_JaffaCakes118
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1024B - Virtual size: 1012B