General

  • Target: 821610d658ca5a52ae520293c607e690_JaffaCakes118
  • Size: 416KB
  • Sample: 240529-1x27pabe3s
  • MD5: 821610d658ca5a52ae520293c607e690
  • SHA1: c1d5ba53aed709931f405125dbc41d11abc9a4f8
  • SHA256: 96141e728ddaf7683edddb3ca2013472f62866b4a4d6970d37e9fee1563112f8
  • SHA512: b557e868da3608c2a96ac686585d62939f8bca47e88ad6df59bb3abe20c716708d652fd29df776f73e2d0fb216a97549caca962887bbae23c56953127e673dab
  • SSDEEP: 6144:F2vTF5IEhTW+gsTWhnTiuwbXbHeO7+jMj8e51I:FkTfgsTWh+umeO7+88e5

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch3
  • C2:
    173.94.215.84:80
    85.25.207.108:8080
    178.128.14.92:8080
    60.125.114.64:443
    181.126.54.234:80
    157.7.164.178:8081
    95.216.205.155:8080
    216.75.37.196:8080
    179.62.238.49:80
    71.57.180.213:80
    172.96.190.154:8080
    112.78.142.170:80
    178.238.232.46:443
    177.144.130.105:443
    105.209.235.113:8080
    46.105.131.68:8080
    185.86.148.68:443
    143.95.101.72:8080
    75.127.14.170:8080
    168.0.97.6:80
  • rsa_pubkey.plain

Targets

    • Target: 821610d658ca5a52ae520293c607e690_JaffaCakes118
    • Size: 416KB
    • MD5: 821610d658ca5a52ae520293c607e690
    • SHA1: c1d5ba53aed709931f405125dbc41d11abc9a4f8
    • SHA256: 96141e728ddaf7683edddb3ca2013472f62866b4a4d6970d37e9fee1563112f8
    • SHA512: b557e868da3608c2a96ac686585d62939f8bca47e88ad6df59bb3abe20c716708d652fd29df776f73e2d0fb216a97549caca962887bbae23c56953127e673dab
    • SSDEEP: 6144:F2vTF5IEhTW+gsTWhnTiuwbXbHeO7+jMj8e51I:FkTfgsTWh+umeO7+88e5
    • Emotet: Emotet is a trojan that is primarily spread through spam emails.
    • Emotet payload: Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks