General

  • Target

    6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240520-wqrp6acc9t

  • MD5

    6079f2d16be35cd6aa4d6225d6d61dd5

  • SHA1

    c47b3d3936041acfb2069a883ea25a8d17b976ef

  • SHA256

    f714d214cbc968eabb697e2a63427ae7cfa86a358c0e80da0e887bbaf33b0245

  • SHA512

    c4c04947d45307b8d17c7eae8ff28da6e02de198791708767bb03c82a0207d529a7e34d97b01ab2ebc4678f1a32b212d17ee47f91a03ac1da47511e2b2296d50

  • SSDEEP

    49152:rEOYCOyarEdD8YPujyuAJhqDI0quQql3DnxN:slyacIAuyJhqEEQql3t

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

31.184.198.249:50003

31.184.198.249:50004

Attributes
  • service_name

    Enterprise Mailing Service

Targets

    • Target

      6079f2d16be35cd6aa4d6225d6d61dd5_JaffaCakes118

    • Size

      1.8MB

    • MD5

      6079f2d16be35cd6aa4d6225d6d61dd5

    • SHA1

      c47b3d3936041acfb2069a883ea25a8d17b976ef

    • SHA256

      f714d214cbc968eabb697e2a63427ae7cfa86a358c0e80da0e887bbaf33b0245

    • SHA512

      c4c04947d45307b8d17c7eae8ff28da6e02de198791708767bb03c82a0207d529a7e34d97b01ab2ebc4678f1a32b212d17ee47f91a03ac1da47511e2b2296d50

    • SSDEEP

      49152:rEOYCOyarEdD8YPujyuAJhqDI0quQql3DnxN:slyacIAuyJhqEEQql3t

    • SendSafe

      SendSafe is a notorious spam tool which then turned into spam botnet.

    • SendSafe payload

MITRE ATT&CK Matrix

Tasks