General

  • Target

    412ff1cd9b02dd85e0e23a6a93857768_JaffaCakes118

  • Size

    607KB

  • Sample

    240514-mntmasce77

  • MD5

    412ff1cd9b02dd85e0e23a6a93857768

  • SHA1

    3e590841ddc1f49da5d2bc8030d8e6ecd72d8161

  • SHA256

    5629457b90b1e85b1acb8becfae809d102027891e96c6c2c5d24af9b39baf47e

  • SHA512

    a354fff276a32ba5681b45f3e702fa7807230532edd28825a7228e4b0452040e65842d86fe42a3cb2f9dfff10d9e69e5e6f678976e7b17ea95e786f3668fa191

  • SSDEEP

    12288:XmN2J3vOTQqB2UoQcBMau0rFMDEr8R5XkIbSBUc:XOC3v4oQcBoadr8R5XkIbSB

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks