General

  • Target

    4853ab808385f5791aec85c529d7ed6a_JaffaCakes118

  • Size

    667KB

  • Sample

    240515-2dcncsfb6x

  • MD5

    4853ab808385f5791aec85c529d7ed6a

  • SHA1

    46608010d9de8a421bfffb168f3a21727e1919c2

  • SHA256

    4df10c1a6b467ed78a68274a7b866d81a3a6009fa098b3b74abfd00fb1deb9ba

  • SHA512

    76495ff04b4ea8d969b19174cab5741a5f99e68d2056ad6c8e85569ac542b159089a47267d130dbdfbdfa480bcc7919508f4d72dee3eb876e2db8ea395e6b148

  • SSDEEP

    12288:6+JJG//twCZ1CFy6jpcFnRO6QuiCDuBMoCfazA:6+J6/twC1N6jiVk6Quix4D

Malware Config

Extracted

Family: emotet

Botnet: Epoch2

C2:


rsa_pubkey.plain

Targets


    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks