General

  • Target

    4bf6f09c41fcfd82a1496bdbd0182d17_JaffaCakes118

  • Size

    223KB

  • Sample

    240516-tslktadc56

  • MD5

    4bf6f09c41fcfd82a1496bdbd0182d17

  • SHA1

    4427418e67ae05ff601ad2ad0e23633dc95f1710

  • SHA256

    78f2bd356bb5d27d336fbbc531c501e35498422676be416558fbc496541557fa

  • SHA512

    a0e1f6d2df178467fd35b8f62d9a7c9c7544fac249cd3724a89559e8d4c1dafed2910efae621801568414b909b003c5c043abedb99ea261146b0fefa234f39cb

  • SSDEEP

    3072:Eyg+4QGdH30VqIIpLnS80IJTDuSeJ4MY66AWIqm+F0+2nkIrhWiPQFuSefttvTcb:h5Vq/pn1lWSe060++q+YTwi4Fu/TlB9i

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks