General

  • Target: 530262708dffc3b95fa8fd35cc4b4a94_JaffaCakes118
  • Size: 219KB
  • Sample: 240518-eyt2tabg39
  • MD5: 530262708dffc3b95fa8fd35cc4b4a94
  • SHA1: 72703d3917ad773543ab7f89813314b7d03560ef
  • SHA256: 9c9aad16a7f63c60be5e2b18f9143e2c78ae2aaf94369ce6575a827c7ee5c588
  • SHA512: 83081acada8846fc76f348df4abf23794b0f05aa75377d529e0f1d47356e04da82d551462566820c14eae0641407e2140e519a41de55a358f51ba0e40f9b1efb
  • SSDEEP: 3072:csHFUoGWkjsx0++qQ2WDczsDt9FK5bo8rhhyG+FcDOURtFwiQFuSefttvTcYlvO:nSM+qdUcgdK5MrFcDvonFu/TlBO

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch3
  • C2:
    105.226.188.128:8090
    91.205.173.54:8080
    163.172.97.112:8080
    72.47.202.235:8080
    46.17.6.116:8080
    46.105.131.68:8080
    37.59.24.25:8080
    152.169.32.143:8080
    178.249.187.150:7080
    23.253.207.142:8080
    201.196.15.79:990
    187.177.155.123:990
    189.154.130.167:443
    176.58.93.123:80
    191.100.24.201:50000
    192.163.221.191:8080
    190.128.222.14:80
    51.38.134.203:8080
    157.7.164.178:8081
    95.216.212.157:8080

rsa_pubkey.plain

Targets

    • Target: 530262708dffc3b95fa8fd35cc4b4a94_JaffaCakes118
    • Size: 219KB
    • Emotet: Emotet is a trojan that is primarily spread through spam emails.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks