General

  • Target

    4427f9cb93e5911a9ceee8539a0a82e0_JaffaCakes118

  • Size

    312KB

  • Sample

    240515-ctmqtsdb55

  • MD5

    4427f9cb93e5911a9ceee8539a0a82e0

  • SHA1

    5f5dd034ec36f4f053e1e422e33d4f0cb2fc857d

  • SHA256

    9aa6fa9726bf5d248114d2271fd3d877a916b132d4130e8cbf4fae5cb8606caa

  • SHA512

    0a7e8ab3855babe45f253e0f9470c369e43e6527d5af0b7d44342f3497bc6f44303fff2471a0a4a114619c1f65eda8a60387c9c8f23fac8e7b34191fcf0e19b8

  • SSDEEP

    6144:pph2KiYC3aZBTVItet3QlpLV0IjuKdJr2qKiTst:pViYC3aZU+3QuIjuKdwGg

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks