emotet | 4f73df9250499d30ecfe3fc30776da60_JaffaCakes118

General

Target

4f73df9250499d30ecfe3fc30776da60_JaffaCakes118
Size

62KB
MD5

4f73df9250499d30ecfe3fc30776da60
SHA1

93df70f25169dffaed975bfb7bc5095c50ce6d72
SHA256

ef7a73712f7243bf872a36d6975dd7daaf02b44a5751489f84130c8a53351503
SHA512

f0f7f28cf257e6b2a05d40d0629be790870854b007d198edbfb361054064f6a096a261d9736db6407970aa7a3e317f49d5ba35639885c1dd6e0f5d780b5125a6
SSDEEP

1536:GpEHGXHswgKUokPaPfkM8Mf7hBGz0A4Ya6F+ne3bK:IzHsAUokS8u7h8IA4YdW

Score

10^/10

epoch1 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

181.59.253.20:21

14.160.93.230:80

74.208.68.48:8080

104.131.58.132:8080

68.183.190.199:8080

62.75.143.100:7080

159.203.204.126:8080

151.80.142.33:80

123.168.4.66:22

46.28.111.142:7080

46.101.212.195:8080

183.82.97.25:80

190.10.194.42:8080

217.199.160.224:8080

186.1.41.111:443

185.86.148.222:8080

185.187.198.10:8080

200.57.102.71:8443

114.79.134.129:443

80.85.87.122:8080

rsa_pubkey.plain

Signatures

Emotet family
emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f73df9250499d30ecfe3fc30776da60_JaffaCakes118

Files

4f73df9250499d30ecfe3fc30776da60_JaffaCakes118
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB