General

  • Target

    7f147afcf2c6ca1e1996713efdfba9d5_JaffaCakes118

  • Size

    768KB

  • Sample

    240529-bvgqjacg4z

  • MD5

    7f147afcf2c6ca1e1996713efdfba9d5

  • SHA1

    7b4514a1bf87873fb68f771cc6c74b2c98b0a049

  • SHA256

    7e0a9d819f26096c598cebf4bf31ccff963a8136cb9139524e8c8778c5479f0e

  • SHA512

    d8d25902b76942b6137f291fa11f059c90692552295bebdaff85f5752f555085290f4572baecdb7c04ca592fb6f387210dd126ad0b3c14a0a2d35976eb580f38

  • SSDEEP

    12288:Tt5HomFkvrNa5CQdLSMkWexT6tsZNTDFUfalpcy+:TnRkzWex6tsxUCcJ

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2


rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks