General

  • Target: 7597552b68271f3d6d8c366b0b5bb6b9_JaffaCakes118
  • Size: 372KB
  • Sample: 240526-qjh7jsgf63
  • MD5: 7597552b68271f3d6d8c366b0b5bb6b9
  • SHA1: 729fe9b9ab914b57fc97f340c1f2693257abf618
  • SHA256: d030b22028562ca3ee5626f49b69fe67fe4179b58a9f1d7ca60ce73313aee458
  • SHA512: 99910eaf6191b25f3fe0a33e885007c7acc95cff78e475aeda3a384fecfeb12db634b0455942c986674aa4b7b21562339d15278dc031d8f9e37cc9abe57f50d1
  • SSDEEP: 3072:kOyZOBiqrMw7Dio8kejJiKyyePELi0ugqzYlcJlpEXPoCv/WD537Op/2iglw1Rg:kOy8RMw7Gzesi0ugqElcJA0rOpRU

Malware Config (extracted)

  • Family: emotet
  • Botnet: Epoch2
  • C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13