General

  • Target

    42b188b8832ec9e0192a533252d73b4b_JaffaCakes118

  • Size

    604KB

  • Sample

    240514-x4ylascd2x

  • MD5

    42b188b8832ec9e0192a533252d73b4b

  • SHA1

    2d98c87552925017c7ad1bda77ab265835a807d4

  • SHA256

    3251a00155619dd1ba363b7fe477dab326fe791d2135129d3133c0cb716dd58b

  • SHA512

    c50f5ed32d2afe12b9c863f99bed270222b2a2293626cfb6b6f19ac2e18e91ba2531c9f81844b187ec2d06b09c1be5bd909cdca8ff6f4376cfee7a981fedce4f

  • SSDEEP

    3072:u3jR/RkdRlmA/Z6p+UUp5Yms1YOFOZg9DlcOoP5E4v4olnXg2VaSA2dpstUrG/Da:uzR/RQl3/aUYNmLg9Dih5f5lXg2BRJGW

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks