General

  • Target

    2efe6c8ac85502b679fb4f7464fbfe8a_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240510-n495nagd34

  • MD5

    2efe6c8ac85502b679fb4f7464fbfe8a

  • SHA1

    2cb6cdafc22ada6dbb0416ce49e4cd5e3b9606b4

  • SHA256

    d491754a64bc042dc07085ed81cd604ef2ab0b1d2707b7683ada06d8851b97af

  • SHA512

    b103eae2c6630e91f2379e898a36e1d6ffe4cf5e1f5fc40c7d1953ee0576836ec42c97d18bf49d0ebf94a5d9d68559ab8a6359d82d282ce061a4d47b5375d8d1

  • SSDEEP

    49152:9f7kQXbXFeKv/Kzik+V0Al+MUt9Mbel7Eim/2PHda9:5kypeKv/c+6Al+MUTR02PHd

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.184.198.249:50005

31.184.198.249:50006

Attributes
  • service_name

    Enterprise Mailing Service

Targets

    • Target

      2efe6c8ac85502b679fb4f7464fbfe8a_JaffaCakes118

    • SendSafe

      SendSafe is a notorious spam tool that later turned into a spam botnet.

    • SendSafe payload
