General

  • Target

    5b0af3dce15d92a5a7b8a37de83eeaa7_JaffaCakes118

  • Size

    416KB

  • Sample

    240519-x3a4lsdg7w

  • MD5

    5b0af3dce15d92a5a7b8a37de83eeaa7

  • SHA1

    6dcd0197106aad03ebb99fe5b48e07030eee313c

  • SHA256

    75d39cde8311668ffaea4a2211eb81690af2cfb39e8407dd73fdac3e1c7cc777

  • SHA512

    6c02ee833a5c348ebf81d00a27de74b727055636da4fb8cda0fbcc7f81d8627731c7af22842cb80b061f233d2f29791b1c1342c95d6fce611c7f5d28a7a4be61

  • SSDEEP

    6144:BL0ofRj4RzQF/zpWDdnXrZ+S7fSShT7bh1XhtGpmjc95bTYDbpaX:BLVRsRzQDWDxZ+gf17bh1XEm4ffobpaX

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks