General

  • Target

    2b3e320a3e6ec2a606c950335c16cce1_JaffaCakes118

  • Size

    304KB

  • Sample

    240509-wt6cqaff61

  • MD5

    2b3e320a3e6ec2a606c950335c16cce1

  • SHA1

    0e5a17ab652c8476eaf93df187765574887fe128

  • SHA256

    fa93b0c5fb6cca67d87421de07b75bac3a319d30b1caf0bbcb4bb0f8243482aa

  • SHA512

    6b1b8293b95a4f111e5f34d08c9f661ac2fb83cac82c1709f0c8eb6d0129689a3364990a0490d6c02e9d083bbad90e3237d2243ea3021cd90c57f64d6a59ff9e

  • SSDEEP

    3072:J9zXQj0GpJ4viKir9bXpakjnUv3x8ZlVxCM2B7p2V3++1qyqL5M+X6lppI17:J5XQgGpJKkVX5Tk7p2/x46lpK

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks