General

  • Target: 79bac4334dc123c612ec36d003ab60f8_JaffaCakes118
  • Size: 336KB
  • Sample: 240527-twkspabb76
  • MD5: 79bac4334dc123c612ec36d003ab60f8
  • SHA1: ad16953fef4212ab182c22f4a91a067a91b0a9e9
  • SHA256: 8a69ebc7ed429210e3f599c809699cd3204ab237ed7a766859822690a1381455
  • SHA512: 9046913c755c10579888a2eb064e295c347fd23ee11fd8cfa36c8438bb15e8b1916eae5f3c753759f3fb182a572bde89ec40f3f02fca545aba715819920f66ee
  • SSDEEP: 6144:H6RABINtOofnGFxg9930Rgr35LvHdv9cObVSa6frUnPx:HyABIN8oIg9FP+OGYnP

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch2
  • C2:
    66.209.97.122:8080
    174.77.190.137:8080
    104.137.176.186:80
    165.227.156.155:443
    167.99.105.223:7080
    67.225.179.64:8080
    176.31.200.130:8080
    5.196.74.210:8080
    82.155.161.203:80
    101.187.247.29:80
    120.150.246.241:80
    73.11.153.178:8080
    91.205.215.66:443
    70.46.247.81:80
    24.93.212.32:80
    139.130.241.252:443
    70.175.171.251:80
    217.160.182.191:8080
    104.236.246.93:8080
    98.24.231.64:80
  • rsa_pubkey.plain

Targets

    • Target: 79bac4334dc123c612ec36d003ab60f8_JaffaCakes118

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks