General

  • Target

    423c866e2be992e6151af1b12e8629a6_JaffaCakes118

  • Size

    244KB

  • Sample

    240514-vey5esfd68

  • MD5

    423c866e2be992e6151af1b12e8629a6

  • SHA1

    0bc67579b2d952c27ff7c993a1af6baf62ea74ad

  • SHA256

    5a6d1aadd2fbd449c30279f70b0b8385e6ecfc9c79678ede5a7ed7dc4025c74a

  • SHA512

    9004ca6229c47e9217cebf16364db4b246bfd20ee381f3db8ef0fdbf24014582a7481ff0ea7d60caea48a495ff4d3c0b8004d9e068521d71416fdc1579f04bb2

  • SSDEEP

    3072:yjQlpRi39Mm+sQ71RdXauo1GUVPEIEqLtH:y0lpRaMdJ1vXiPEc5H

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2


rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks