General

  • Target

    45d0780cc3f28876c6fb560ba4b66c88_JaffaCakes118

  • Size

    186KB

  • Sample

    240515-mwsd7sdg6w

  • MD5

    45d0780cc3f28876c6fb560ba4b66c88

  • SHA1

    4fb246ff1171cb569b56d97fc8e7250f8f2e5c2a

  • SHA256

    88c82d26eca396450345074d760e9a40284fc9b1440f9f5b25c12dde88df3eef

  • SHA512

    273a3b9dcc26ae5aac11e95930736008fd227c1c80b6b4e8166f3d0ec143b6f84e2b63b0f74f7040d1df03e3c21bbb63e20a3dbd74ea3efaa45d53f3f64fa8a4

  • SSDEEP

    3072:PQczzbBp52B0om2O7kXi42TzI57Z2PTUnDrFIwJ2d6n6du8gjxPNiJV:PzXtp52B0Vaif0QUn6wJ3ncngjEV

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2

    189.252.102.40:8080
    186.109.28.142:80
    211.110.229.161:443
    193.34.144.138:8080
    74.208.173.91:8080
    144.76.62.10:8080
    216.75.37.196:8080
    201.196.15.79:990
    94.177.253.126:80
    124.150.175.133:80
    216.70.88.55:8080
    5.189.148.98:8080
    186.18.224.149:80
    91.109.5.28:8080
    212.112.113.235:80
    142.93.87.198:8080
    190.128.222.14:80
    157.7.164.178:8081
    113.52.135.33:7080
    95.216.212.157:8080

  • rsa_pubkey.plain
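The extracted config is the part of this report an analyst acts on, and the C2 list is only useful once it has been validated and turned into something a sensor can load. The script below is an added example, not part of the sandbox report or of any tooling it describes: it parses the label/value layout of the config block exactly as shown on this page into validated C2 endpoints (rejecting malformed, non-routable or duplicate entries instead of silently dropping them) and emits one Suricata rule per endpoint. The config text and the sample MD5 are copied from the report; the SID range starting at 9000000, the rule message wording and the decision to filter non-routable addresses are this example's own assumptions.

```python
"""Validate the Emotet C2 list extracted in the report and emit Suricata rules.
Added example, not part of the sandbox report. Config text is copied from the
page; SIDs, rule wording and the non-routable filter are assumptions."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Tuple

SAMPLE_MD5 = "45d0780cc3f28876c6fb560ba4b66c88"  # from the report, for the rule reference

# The "Extracted" block as it appears in the report: one label or value per line.
REPORT_CONFIG = """\
Family
emotet
Botnet
Epoch3
C2
189.252.102.40:8080
186.109.28.142:80
211.110.229.161:443
193.34.144.138:8080
74.208.173.91:8080
144.76.62.10:8080
216.75.37.196:8080
201.196.15.79:990
94.177.253.126:80
124.150.175.133:80
216.70.88.55:8080
5.189.148.98:8080
186.18.224.149:80
91.109.5.28:8080
212.112.113.235:80
142.93.87.198:8080
190.128.222.14:80
157.7.164.178:8081
113.52.135.33:7080
95.216.212.157:8080
rsa_pubkey.plain
"""

SECTION_LABELS = {"Family", "Botnet", "C2", "rsa_pubkey.plain"}
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


@dataclass
class ExtractedConfig:
    family: str = ""
    botnet: str = ""
    c2: List[Tuple[str, int]] = field(default_factory=list)  # validated, de-duplicated
    rejected: List[str] = field(default_factory=list)  # lines that failed validation


def parse_config(text: str) -> ExtractedConfig:
    """Parse the report's label/value layout. A C2 line must be a globally
    routable IPv4 address with a port in 1..65535; anything else is recorded
    in `rejected` so a bad extraction is visible rather than silently lost."""
    cfg = ExtractedConfig()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_LABELS:
            section = line
            continue
        if section == "Family":
            cfg.family = line.lower()
        elif section == "Botnet":
            cfg.botnet = line
        elif section == "C2":
            m = C2_RE.match(line)
            if not m:
                cfg.rejected.append(line)
                continue
            ip, port = m.group(1), int(m.group(2))
            try:
                routable = ipaddress.IPv4Address(ip).is_global
            except ValueError:  # e.g. an octet above 255
                routable = False
            # Private/reserved space in a C2 list is an extraction error, and
            # blocking it would cut off internal hosts: reject, do not emit.
            if not routable or not 1 <= port <= 65535:
                cfg.rejected.append(line)
                continue
            if (ip, port) not in cfg.c2:
                cfg.c2.append((ip, port))
    return cfg


def suricata_rules(cfg: ExtractedConfig, base_sid: int = 9000000) -> List[str]:
    """One outbound-connection rule per validated C2 endpoint (SIDs assumed)."""
    rules = []
    for i, (ip, port) in enumerate(cfg.c2):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"{cfg.family} {cfg.botnet} C2 contact {ip}:{port}"; '
            f"flow:to_server,established; reference:md5,{SAMPLE_MD5}; "
            f"classtype:trojan-activity; sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    parsed = parse_config(REPORT_CONFIG)
    print(f"# {parsed.family}/{parsed.botnet}: {len(parsed.c2)} C2, {len(parsed.rejected)} rejected")
    print("\n".join(suricata_rules(parsed)))
```

Run as a script it prints the 20 rules for this report. The `rejected` list is the check worth looking at before loading anything into a sensor: an extracted config that yields private addresses, impossible ports or duplicates usually means the extractor misread the sample, and such entries should be investigated, not blocked.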

Targets

    • Target

      45d0780cc3f28876c6fb560ba4b66c88_JaffaCakes118

    • Emotet

      Emotet is a modular trojan and malware loader that is primarily spread through malicious spam emails; the extracted config above (botnet Epoch3, 20 C2 endpoints on ports 80, 443, 990, 7080, 8080 and 8081) identifies the infrastructure cluster this sample reports to.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks