General

  • Target

    8076b3bea535fcb54b93eeaf3250164b_JaffaCakes118

  • Size

    508KB

  • Sample

    240529-mq8t1abg9x

  • MD5

    8076b3bea535fcb54b93eeaf3250164b

  • SHA1

    8af9a4de4a437946bd072ddb9a89bea63d3eb133

  • SHA256

    d8a013b7c110eea5b3fe1295dbccbb7f7cd29b52a28044d059e340849772124b

  • SHA512

    5f5efe445fcaeb08e245b137a0c7d47287be5b52ef2824c8eb15466e4ef174899bc1158591e92815c99246408d3e0c501d5dea5fefd5c5e62802acbbc0d13f32

  • SSDEEP

    6144:cD4tnT+zJou0QgC82pGejtQ930xbYVzv2rsFBViXRn3eoECjb67LnTyKadUQF/yP:He2CbYVz+wWeoECfWyhdX+4W

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

113.61.76.239:80

111.125.71.22:8080

80.11.158.65:8080

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

80.85.87.122:8080

190.146.131.105:8080

201.213.32.59:80

192.241.146.84:8080

83.165.163.225:80

63.246.252.234:80

181.198.203.45:443

109.169.86.13:8080

45.50.177.164:80

190.97.30.167:990

5.196.35.138:7080

181.36.42.205:443

119.59.124.163:8080

181.231.62.54:80

rsa_pubkey.plain
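The C2 list above is the part of this config a defender acts on. The following Python is an added example, not part of the sandbox report or of any Emotet tooling: it parses the ip:port lines exactly as listed in this report, scans a few constructed firewall log lines (hypothetical, not from the report) for connections to them, and emits one Suricata rule per C2. The log format, the function names (`parse_c2_list`, `find_c2_hits`, `to_suricata_rules`) and the SID range are assumptions. The caveat it shows: Emotet builds rotate C2 ports, so an exact ip:port match can miss traffic to a listed IP on another port; the `ip_only` mode reports those at lower confidence instead of dropping them.

```python
import ipaddress
import re

# Emotet Epoch1 C2 list as extracted from this sample's config (copied from the report above).
EMOTET_C2 = """
113.61.76.239:80
111.125.71.22:8080
80.11.158.65:8080
96.126.121.64:443
104.236.137.72:8080
85.234.143.94:8080
80.85.87.122:8080
190.146.131.105:8080
201.213.32.59:80
192.241.146.84:8080
83.165.163.225:80
63.246.252.234:80
181.198.203.45:443
109.169.86.13:8080
45.50.177.164:80
190.97.30.167:990
5.196.35.138:7080
181.36.42.205:443
119.59.124.163:8080
181.231.62.54:80
"""


def parse_c2_list(text):
    """Parse 'ip:port' lines into a set of (ip, port) tuples, rejecting malformed entries."""
    c2 = set()
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        ip = ipaddress.ip_address(host)  # raises ValueError on anything that is not an IP
        c2.add((str(ip), int(port)))
    return c2


# Constructed firewall log lines (hypothetical, not from the report). Line 4 goes to a
# listed C2 IP but on 443 rather than the configured port 80: the port-rotation case.
SAMPLE_LOG = """
2024-05-29T13:02:11Z ALLOW TCP 10.0.5.23:51234 -> 104.236.137.72:8080
2024-05-29T13:02:15Z ALLOW TCP 10.0.5.23:51240 -> 142.250.74.36:443
2024-05-29T13:03:40Z ALLOW TCP 10.0.5.41:49812 -> 190.97.30.167:990
2024-05-29T13:04:02Z ALLOW TCP 10.0.5.23:51301 -> 45.50.177.164:443
2024-05-29T13:05:19Z ALLOW TCP 10.0.7.9:60100 -> 5.196.35.138:7080
"""

# Assumed log layout: "<ts> ALLOW TCP <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(r"(\S+) ALLOW TCP (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)")


def find_c2_hits(log_text, c2, ip_only=False):
    """Return outbound connections to a known C2.

    ip_only=False: only exact (ip, port) pairs from the config count ("exact").
    ip_only=True : a listed IP on any port also counts, reported as "ip-only".
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a connection line in the assumed format
        ts, src, dst_ip, dst_port = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if (dst_ip, dst_port) in c2:
            confidence = "exact"
        elif ip_only and dst_ip in c2_ips:
            confidence = "ip-only"
        else:
            continue
        hits.append({"ts": ts, "src": src, "dst": f"{dst_ip}:{dst_port}", "confidence": confidence})
    return hits


def to_suricata_rules(c2, sid_base=9000000):
    """Emit one Suricata rule per C2 endpoint; sid_base is an assumed local SID range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Emotet Epoch1 C2 {ip}:{port}"; flow:to_server; '
            f"classtype:trojan-activity; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2_list(EMOTET_C2)
    for hit in find_c2_hits(SAMPLE_LOG, c2, ip_only=True):
        print(hit)
    print("\n".join(to_suricata_rules(c2)))
```

Running it lists three exact hits and one ip-only hit (the 45.50.177.164:443 connection); feed the ip-only hits to triage rather than to automatic blocking, since a listed IP can be a compromised legitimate host serving other traffic.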

Targets

    • Target

      8076b3bea535fcb54b93eeaf3250164b_JaffaCakes118

    • Emotet

      Emotet is a modular trojan, originally a banking trojan and later used mainly as a loader for other malware, that is primarily spread through malicious spam email attachments and links.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks