General

  • Target

    66c2ce11b3636ee5f3ed0192f50ee19d_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240522-k7njaaae2t

  • MD5

    66c2ce11b3636ee5f3ed0192f50ee19d

  • SHA1

    2afa665e2d4c2638cdede1ea2e9927ef8f9c4b58

  • SHA256

    cd835337d63770d64b22847ce303efbeeeae7e08b9894e20d71632bc828b139c

  • SHA512

    ec0fff72e69dc2e23a926013edd1fcaeab3afa06f3db6ba983ed1e86f081b3190b89975d7f39c567b2868236c87b1615be85edbae374119efb0e9d1ed345cb06

  • SSDEEP

    49152:vKKzKtoceRyBrtvVfMe401oLpUOvys5Oj:vHK2o9z40ClUOvyV

Malware Config

Extracted

  • Family

    sendsafe

  • Botnet

    UNREGISTERED

  • C2

    91.220.131.94:50023

    91.220.131.94:50024

  • Attributes

    service_name: Enterprise Mailing Service

Targets

    • Target

      66c2ce11b3636ee5f3ed0192f50ee19d_JaffaCakes118

    • SendSafe

      SendSafe is a notorious spam tool which then turned into a spam botnet.

    • SendSafe payload
