General

  • Target

    28bd06bffac071054c14b4d12e90a7ae_JaffaCakes118

  • Size

    168KB

  • Sample

    240509-hcs46see5y

  • MD5

    28bd06bffac071054c14b4d12e90a7ae

  • SHA1

    1ccd3220cb323f62e9172c7df7e58b20f231e66a

  • SHA256

    964f58575b1dc018bf6e33a9edbf9d15da6646dd3aff5e594475302cf4c7a094

  • SHA512

    1e7e7ba96e968d0764929657cf50a8f26eca721997621894588ac0f396bb5d060cbd6bd845d638b5f0089e7e6354198dd6fa3407734bb37d31fd4e4a134eb4dc

  • SSDEEP

    1536:r3yCxVaZHMWxILZRH8jdrGIp/HGmMUch7a/bD:7HxVaZs4CRHmhV/mmkdEbD

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

107.5.122.110:80

199.101.86.6:443

45.55.219.163:443

62.30.7.67:443

185.94.252.104:443

203.117.253.142:80

93.51.50.171:8080

139.130.242.43:80

181.230.116.163:80

37.187.72.193:8080

194.187.133.160:443

167.86.90.214:8080

61.19.246.238:443

98.109.204.230:80

180.92.239.110:8080

121.124.124.40:7080

47.146.117.214:80

110.145.77.103:80

97.82.79.83:80

70.121.172.89:80

rsa_pubkey.plain
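The extracted C2 list above is the most directly actionable part of this report: it can be turned into a retrospective hunt over egress logs. The block below is an added example, not part of the sandbox report or of any Emotet tooling. It embeds the twenty IP:port pairs exactly as listed, parses them into a lookup set, and scans constructed firewall log lines (the `src=... dst=... dport=...` key=value format is an assumption, as are the timestamps and internal addresses) for connections to those endpoints. It also shows the caveat a practitioner hits immediately: matching on IP and port together is precise, while matching on IP alone catches a botnet that changes ports but also raises the false-positive risk on shared or recycled addresses.

```python
"""Hunt for connections to the Emotet Epoch2 C2 endpoints listed in this
report. Added example, not code from the sandbox report; all log lines
below are constructed for illustration, not captured traffic."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# C2 endpoints copied verbatim from the extracted config above.
EMOTET_EPOCH2_C2_RAW = """
107.5.122.110:80
199.101.86.6:443
45.55.219.163:443
62.30.7.67:443
185.94.252.104:443
203.117.253.142:80
93.51.50.171:8080
139.130.242.43:80
181.230.116.163:80
37.187.72.193:8080
194.187.133.160:443
167.86.90.214:8080
61.19.246.238:443
98.109.204.230:80
180.92.239.110:8080
121.124.124.40:7080
47.146.117.214:80
110.145.77.103:80
97.82.79.83:80
70.121.172.89:80
""".split()


def parse_c2_list(entries: List[str]) -> Set[Tuple[str, int]]:
    """Turn 'ip:port' strings into a set of (ip, port) tuples.

    ip_address() raises ValueError on anything that is not a valid address,
    so a mangled config line fails loudly instead of silently never matching.
    """
    c2: Set[Tuple[str, int]] = set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)
        c2.add((host, int(port)))
    return c2


C2_ENDPOINTS = parse_c2_list(EMOTET_EPOCH2_C2_RAW)

# Constructed firewall log lines (hypothetical key=value format, hypothetical
# internal hosts and timestamps). Note line 4: same C2 IP, unlisted port.
SAMPLE_LOG = """\
2024-05-09T08:12:03Z src=10.0.3.14 dst=93.51.50.171 dport=8080 proto=tcp action=allow
2024-05-09T08:12:05Z src=10.0.3.14 dst=142.250.74.36 dport=443 proto=tcp action=allow
2024-05-09T08:12:09Z src=10.0.3.27 dst=199.101.86.6 dport=443 proto=tcp action=allow
2024-05-09T08:12:11Z src=10.0.3.27 dst=199.101.86.6 dport=80 proto=tcp action=allow
2024-05-09T08:12:15Z src=10.0.3.14 dst=121.124.124.40 dport=7080 proto=tcp action=deny
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def find_c2_hits(log_text: str, c2: Set[Tuple[str, int]],
                 match_port: bool = True) -> List[Dict[str, object]]:
    """Return one record per log line whose destination is a listed C2.

    match_port=True requires the exact ip:port pair from the config.
    match_port=False matches on IP alone: broader coverage if the botnet
    rotates ports, but more false positives on shared hosting addresses.
    Denied connections are still reported: the attempt itself is the
    beaconing indicator, regardless of whether the firewall let it through.
    """
    c2_ips = {ip for ip, _ in c2}
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        dst, dport = m["dst"], int(m["dport"])
        matched = (dst, dport) in c2 if match_port else dst in c2_ips
        if matched:
            hits.append({"ts": m["ts"], "src": m["src"],
                         "dst": dst, "dport": dport})
    return hits


def hosts_to_isolate(hits: List[Dict[str, object]]) -> List[str]:
    """Distinct internal sources that talked to a C2, for containment."""
    return sorted({str(h["src"]) for h in hits})


if __name__ == "__main__":
    strict = find_c2_hits(SAMPLE_LOG, C2_ENDPOINTS)
    loose = find_c2_hits(SAMPLE_LOG, C2_ENDPOINTS, match_port=False)
    print(f"{len(strict)} strict hits, {len(loose)} ip-only hits")
    print("isolate:", hosts_to_isolate(strict))
```

On the constructed input the strict match flags three lines and the IP-only match four; the extra hit is the connection to 199.101.86.6 on port 80, which the config does not list. Whether that fourth hit is worth an alert depends on how much you trust that address to be dedicated to the botnet, which is exactly the judgement an IP-only blocklist forces you to make for every entry.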

Targets

    • Target

      28bd06bffac071054c14b4d12e90a7ae_JaffaCakes118

    • Size

      168KB

    • MD5

      28bd06bffac071054c14b4d12e90a7ae

    • SHA1

      1ccd3220cb323f62e9172c7df7e58b20f231e66a

    • SHA256

      964f58575b1dc018bf6e33a9edbf9d15da6646dd3aff5e594475302cf4c7a094

    • SHA512

      1e7e7ba96e968d0764929657cf50a8f26eca721997621894588ac0f396bb5d060cbd6bd845d638b5f0089e7e6354198dd6fa3407734bb37d31fd4e4a134eb4dc

    • SSDEEP

      1536:r3yCxVaZHMWxILZRH8jdrGIp/HGmMUch7a/bD:7HxVaZs4CRHmhV/mmkdEbD

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks