General

  • Target

    46d2249fc725fac0564b2e970f7a17dc_JaffaCakes118

  • Size

    484KB

  • Sample

    240515-szlnqafh5t

  • MD5

    46d2249fc725fac0564b2e970f7a17dc

  • SHA1

    4498272e22d1826a74f8657439a1499bf955b95f

  • SHA256

    24e9387a84a0c0a46dde8cda69b5c727e8cfeb9b2334c631007a66b1e456f77d

  • SHA512

    d5f1bc2c58c5eedf762946e37cbc44f1c304c3f7ff1a8ae2332dd8217482aa653cbc58cfcf70fc348f31ca0f2022da86c59d7fb80bb2ca1985f8896e38fb508d

  • SSDEEP

    6144:TWun+hlYGfH7Q1BJLMoGLOk8tWlKTZFLa+CUpWHRKKTfEffk5zMuA/v4O66VS02a:TWuQYGfH76LMof9txfLNGlBHLt9+

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2

    85.152.174.56:80
    59.148.227.190:80
    5.154.58.24:80
    46.105.131.87:80
    37.59.24.177:8080
    66.34.201.20:7080
    108.179.206.219:8080
    211.63.71.72:8080
    47.6.15.79:80
    201.173.217.124:443
    98.24.231.64:80
    201.251.133.92:443
    116.48.142.21:443
    74.105.102.97:8080
    58.171.42.66:8080
    169.239.182.217:8080
    149.202.153.252:8080
    91.73.197.90:80
    186.75.241.230:80
    73.214.99.25:80

  • rsa_pubkey.plain

Targets

    • Target

      46d2249fc725fac0564b2e970f7a17dc_JaffaCakes118

    • Size

      484KB

    • MD5

      46d2249fc725fac0564b2e970f7a17dc

    • SHA1

      4498272e22d1826a74f8657439a1499bf955b95f

    • SHA256

      24e9387a84a0c0a46dde8cda69b5c727e8cfeb9b2334c631007a66b1e456f77d

    • SHA512

      d5f1bc2c58c5eedf762946e37cbc44f1c304c3f7ff1a8ae2332dd8217482aa653cbc58cfcf70fc348f31ca0f2022da86c59d7fb80bb2ca1985f8896e38fb508d

    • SSDEEP

      6144:TWun+hlYGfH7Q1BJLMoGLOk8tWlKTZFLa+CUpWHRKKTfEffk5zMuA/v4O66VS02a:TWuQYGfH76LMof9txfLNGlBHLt9+

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks