General

  • Target

    412fe1983873abbe348f41cc1954b1f8_JaffaCakes118

  • Size

    648KB

  • Sample

    240514-mnpcksce72

  • MD5

    412fe1983873abbe348f41cc1954b1f8

  • SHA1

    ef42fd9982310ee058573f0a3800282988476ccc

  • SHA256

    005279eecb18320947a798d783dc4404892b5f81c04508c3cfa1722206d9dd6b

  • SHA512

    2e45417abc54fb9089b7b01c6178f854edeb4e0985d8caa0210210f1bf2d6be1e5e5f04cdc65f96d5c531b068be17a3f2fb22c5bad4830cb315e7f8506f1c283

  • SSDEEP

    6144:vPHraQJHeQGHHVciHixSSVKTty67GxCidcv8WNAC23e8E3O3Nkh51adP7UhXKqIm:nteQkciHygvYdckWNACTOy5c7UZyIUQ

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks