General

  • Target

    5c5493386b7c20bc9ed674116ef8301f_JaffaCakes118

  • Size

    440KB

  • Sample

    240520-a4yjzabf65

  • MD5

    5c5493386b7c20bc9ed674116ef8301f

  • SHA1

    5b6cca55105414af760339bea2bf200f6915b342

  • SHA256

    328a32bf73b1049c29f46b64e0b21d81a2acf668c715e1b09b3a3c4f1439ca19

  • SHA512

    d5e56efa637250a474d5b87b837cd3d8266053607d72b700fd949b1afcc31f47b2070317dff5c76c76d448a281de704c907ce0ea0a6d93f04b402545163f547c

  • SSDEEP

    6144:n4E+SzWjtInn/Y+Ntws/0ztR2GrfbnsCN9BGzZGU3vFI0RQ:zWj+/NHszH2ufbnsCNCtGkFFy

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

189.159.113.125:8080

200.51.94.251:80

45.33.54.74:443

209.141.41.136:8080

185.94.252.13:443

186.75.241.230:80

201.251.43.69:8080

190.226.44.20:21

152.89.236.214:8080

80.11.163.139:443

124.240.198.66:80

94.205.247.10:80

27.147.163.188:8080

95.128.43.213:8080

217.160.182.191:8080

169.239.182.217:8080

103.39.131.88:80

178.79.161.166:443

182.176.132.213:8090

190.211.207.11:443

rsa_pubkey.plain
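The C2 list extracted above is the part of this report a defender acts on. As an added example (not part of the sandbox report, and not Emotet's or Triage's code), the script below validates the twenty ip:port entries, sweeps them against firewall-style connection logs, and emits one Suricata rule per endpoint. The key=value log format, the private source addresses, the log lines themselves and the sid range are constructed assumptions.

```python
"""Turn the extracted Emotet Epoch2 C2 list into detection artefacts.

Added example: the C2 endpoints are copied from the report; the log
format, the log lines and the Suricata sid range are constructed.
"""
from ipaddress import ip_address

# ip:port endpoints exactly as listed under "C2" in the extracted config.
EMOTET_EPOCH2_C2 = [
    "189.159.113.125:8080", "200.51.94.251:80", "45.33.54.74:443",
    "209.141.41.136:8080", "185.94.252.13:443", "186.75.241.230:80",
    "201.251.43.69:8080", "190.226.44.20:21", "152.89.236.214:8080",
    "80.11.163.139:443", "124.240.198.66:80", "94.205.247.10:80",
    "27.147.163.188:8080", "95.128.43.213:8080", "217.160.182.191:8080",
    "169.239.182.217:8080", "103.39.131.88:80", "178.79.161.166:443",
    "182.176.132.213:8090", "190.211.207.11:443",
]


def parse_c2_list(entries):
    """Validate 'ip:port' strings and return a set of (ip, port) tuples.

    ip_address() rejects a mistyped octet and int() rejects a non-numeric
    port, so a corrupted config entry fails loudly here instead of
    silently never matching anything.
    """
    endpoints = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry: {entry!r}")
        endpoints.add((str(ip_address(host)), int(port)))
    return endpoints


C2_ENDPOINTS = parse_c2_list(EMOTET_EPOCH2_C2)
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Constructed firewall-style key=value log lines (not taken from the report).
# Line 4 reaches a C2 host on a port the config does not list; line 5 was
# denied by the firewall, but the attempt itself is still worth alerting on.
SAMPLE_LOGS = """\
2024-05-20T10:01:02Z action=allow src=10.0.0.15 dst=8.8.8.8 dport=53 proto=udp
2024-05-20T10:01:07Z action=allow src=10.0.0.15 dst=209.141.41.136 dport=8080 proto=tcp
2024-05-20T10:01:09Z action=allow src=10.0.0.22 dst=45.33.54.74 dport=443 proto=tcp
2024-05-20T10:01:11Z action=allow src=10.0.0.15 dst=190.226.44.20 dport=22 proto=tcp
2024-05-20T10:01:15Z action=deny src=10.0.0.40 dst=185.94.252.13 dport=443 proto=tcp
"""


def match_c2(log_text):
    """Return (src, dst, dport, confidence) for every line touching a C2 host.

    'exact' means the ip:port pair is in the extracted config; 'ip-only'
    means the destination is a C2 host contacted on a port the config does
    not list, which still deserves a look but with lower confidence.
    """
    hits = []
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        dst, dport = fields.get("dst"), fields.get("dport")
        if dst is None or dport is None:
            continue  # malformed line: skip it rather than abort the sweep
        dport = int(dport)
        if (dst, dport) in C2_ENDPOINTS:
            hits.append((fields.get("src"), dst, dport, "exact"))
        elif dst in C2_IPS:
            hits.append((fields.get("src"), dst, dport, "ip-only"))
    return hits


def suricata_rules(endpoints=C2_ENDPOINTS, sid_start=9000001):
    """Emit one Suricata-style rule per endpoint (the sid range is assumed)."""
    rules = []
    for sid, (ip, port) in enumerate(sorted(endpoints), start=sid_start):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch2 C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in match_c2(SAMPLE_LOGS):
        print("C2 contact:", hit)
    print("\n".join(suricata_rules()[:3]))
```

Emotet C2 addresses were typically compromised third-party hosts and were rotated frequently, so treat this list as the configuration of this sample at analysis time rather than a permanent blocklist: check the age of the indicators before turning the generated rules into blocking actions, and expect the ip-only hits to need manual triage.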

Targets

    • Target

      5c5493386b7c20bc9ed674116ef8301f_JaffaCakes118

    • Size

      440KB

    • MD5

      5c5493386b7c20bc9ed674116ef8301f

    • SHA1

      5b6cca55105414af760339bea2bf200f6915b342

    • SHA256

      328a32bf73b1049c29f46b64e0b21d81a2acf668c715e1b09b3a3c4f1439ca19

    • SHA512

      d5e56efa637250a474d5b87b837cd3d8266053607d72b700fd949b1afcc31f47b2070317dff5c76c76d448a281de704c907ce0ea0a6d93f04b402545163f547c

    • SSDEEP

      6144:n4E+SzWjtInn/Y+Ntws/0ztR2GrfbnsCN9BGzZGU3vFI0RQ:zWj+/NHszH2ufbnsCNCtGkFFy

    • Emotet

      Emotet is a modular trojan, later operated mainly as a loader for other malware, that is primarily spread through malicious spam (malspam) emails carrying weaponised attachments or links.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks