General

  • Target

    7d096b53c88a1c61060fc5c71130442a_JaffaCakes118

  • Size

    667KB

  • Sample

    240528-p7l3nsec8t

  • MD5

    7d096b53c88a1c61060fc5c71130442a

  • SHA1

    c89af4682f1a5e5064522c16dbfd13a41b2526ca

  • SHA256

    72830c1c970602c2681b14576c0f9614eec12b69fdeb575e5b8d7cdad8190cee

  • SHA512

    3e2b74ed1443c56b983114e1f867d93e5bda75ee3a9c1c7049ac50690e82b5048adbd88f8dd43be462f8be045eafab7a9e36eaeb15771b1708d3f4d64ff257cf

  • SSDEEP

    12288:6+JJG//twCZ1CFy6jpcFnRO6QuiCDuBMoC4azA:6+J6/twC1N6jiVk6Quix4U

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2


  • rsa_pubkey.plain

Targets

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet payload

    Detects Emotet payload in memory.
