General

  • Target

    66c2809047f063087a05a2e5718542e2_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240522-k66y8sad9w

  • MD5

    66c2809047f063087a05a2e5718542e2

  • SHA1

    61b9f2a16264e2584d13f5c637df7064bbe13504

  • SHA256

    e87d0f8b97449825834e7d38e57dd783ba40dcc4e840308d67c79c601a4161c6

  • SHA512

    bcfd5062b47153e0dfc4998de1eef4471da047cc9235538a87c7ba20c088fad9ae9edf9c53fc252c2377e753db2cac80b9d5c7eda33f74e8e0969f3dd616f12f

  • SSDEEP

    24576:z825Kz3iScbWjRZ0L006Dk/mZfUanuoUSyetjIJRWbVX8UKzpr8enI6F:RM3eonpQ/mpvuvSye9IObp89pre6

Malware Config

Extracted

Family

sendsafe

Botnet

UNREGISTERED

C2

91.220.131.87:50005

91.220.131.87:50006

Attributes
  • service_name

    Enterprise Mailing Service

Targets

    • Target

      66c2809047f063087a05a2e5718542e2_JaffaCakes118

    • SendSafe

      SendSafe is a notorious spam tool that later turned into a spam botnet.

    • SendSafe payload
