General

  • Target

    40aa7157bcec5676ad30cff554d6f209_JaffaCakes118

  • Size

    278KB

  • Sample

    240514-h7tdesfa21

  • MD5

    40aa7157bcec5676ad30cff554d6f209

  • SHA1

    1777ea03ed660853be9b671e469c3f514fa327c0

  • SHA256

    579064ed7a035e9d72373c8d407a828ea5eb6ee3b94c5a6b7d71fa51751a719c

  • SHA512

    e62d7695a8ca2fc5f2114d0814be131fbd072a384c971771ba9261c2844a4f920d56fa8a3d0c49aea17082cf5a40713d176f8a04ebfb3f1e1fe892f09a5b6a63

  • SSDEEP

    6144:oqJs8euVV/Nsxp+IsUTNeY3hF879W15LlSB1I:ows8eOVl0pf87M1SBu

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks