General

  • Target

    56a5835bb0f93af28852afcdd5202176_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240518-zbnazaec2y

  • MD5

    56a5835bb0f93af28852afcdd5202176

  • SHA1

    daf51072bf6001ccbe7c544d1e609a2e4aa56ea6

  • SHA256

    c6edbb64ac595d4942ad726b5b4b11165da4d1732fce344e0fefa2c5325a2157

  • SHA512

    d10b43338f41c70c82205f5e01c75cbe8d962f863bf5744939fedb36758c1f6a98504c2417fc2c5169d7e493d9a6523eeea11a79f9fe0b1ba61a7f7c88251975

  • SSDEEP

    49152:cznt7+MmxoEJRgaBXGW11o2iLoqKW4Esye9pk9T3N0:cva1sLoqGvPk9D

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

91.220.131.38:50009

91.220.131.38:50010

Attributes
  • service_name

    Enterprise Mailing Service

Targets

    • Target

      56a5835bb0f93af28852afcdd5202176_JaffaCakes118

    • SendSafe

      SendSafe is a notorious spam tool that later turned into a spam botnet.

    • SendSafe payload
