emotet | 50474567ec12a15725e9ed4f909253f3_JaffaCakes118

General

Target

50474567ec12a15725e9ed4f909253f3_JaffaCakes118
Size

58KB
MD5

50474567ec12a15725e9ed4f909253f3
SHA1

b7ea91120b3bbe79e6ca75ab6be4fe5edeb68f3a
SHA256

b4785b9e4cf0057aea0182082bb07f7aad550e1f2330ab8e3a5c9a8babb00942
SHA512

32fcbcc487d9a543b5ac43ac1db7979a39ded46b21d9cee75e0b4b0eaafd76863e5f97125bd11fe76a8611d43b216aced9823ab4a3732891e34c10a21aae02db
SSDEEP

1536:QKlUb+Dm4s9hN1YkPDckM8HsquOBcrqqRTVrdnsqiMSoke:5I4sZ1YkPH1BcGqFVrBDr

Score

10^/10

epoch2 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

80.11.163.139:443

85.54.169.141:8080

185.14.187.201:8080

45.79.188.67:8080

63.142.253.122:8080

24.51.106.145:21

91.205.215.66:8080

222.214.218.192:8080

80.11.163.139:21

190.108.228.48:990

88.247.163.44:80

88.156.97.210:80

95.128.43.213:8080

211.63.71.72:8080

182.176.132.213:8090

182.176.106.43:995

186.4.172.5:8080

178.79.161.166:443

101.187.237.217:20

136.243.177.26:8080

rsa_pubkey.plain

Signatures

Emotet family
emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50474567ec12a15725e9ed4f909253f3_JaffaCakes118

Files

50474567ec12a15725e9ed4f909253f3_JaffaCakes118
.dll windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1024B - Virtual size: 1012B