General

  • Target: 80bf1f1227dd58ed1738c163dc9b2b44_JaffaCakes118
  • Size: 536KB
  • Sample: 240529-prvd4sed6s
  • MD5: 80bf1f1227dd58ed1738c163dc9b2b44
  • SHA1: 3816f4125718918b135c7531e9f296fd0f74d1d0
  • SHA256: e92048605c15b719712538b7752cb78b6355958dfa5e8cae98f1fed26148fcc0
  • SHA512: 23dc3a8c873a8c477ebc2792215964d0b98b647dba929fc24f9412b13a35553289bee5d54ca396f4dfa34199845603a1d0ee47abd4af9a5aef5abfe462d1e15e
  • SSDEEP: 6144:m5B/k88jWYB5wdZskfKh7iNtjvruh9BkrLmlGmgK:c/k85OGekfkyvruBk/m8mg

Malware Config

Extracted

  • Family: emotet
  • Botnet: Epoch3
  • C2:
      187.131.163.89:7080
      85.104.121.33:8443
      124.150.175.133:80
      198.57.217.170:8080
      45.56.122.75:80
      138.197.140.163:8080
      157.7.164.178:8081
      181.36.42.205:443
      212.112.113.235:80
      185.45.24.254:7080
      144.76.62.10:8080
      201.196.15.79:990
      94.177.253.126:80
      113.52.135.33:7080
      189.218.243.150:443
      190.217.1.149:80
      190.55.39.215:80
      187.143.219.242:8080
      186.146.110.108:8080
      42.190.4.92:443
  • rsa_pubkey.plain
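An extracted C2 list is only useful once it reaches a sensor. The block below is an added example and is not part of the sandbox report or of any config-extractor code: it validates the ip:port entries listed above, scans Zeek conn.log-style lines for connections to them, and emits one Suricata rule per endpoint. IP-only matches are reported separately at lower severity because Emotet operators change ports between config builds, so an IP that still appears in a newer build is worth a look even when the port differs. The log lines, the assumed column layout (the first six Zeek conn.log fields) and the starting sid are assumptions, not data from this sample's execution.

```python
import ipaddress
from typing import Dict, Iterable, List, Set, Tuple

# C2 endpoints exactly as extracted in the report above (Emotet, botnet Epoch3).
EMOTET_EPOCH3_C2: List[str] = [
    "187.131.163.89:7080", "85.104.121.33:8443", "124.150.175.133:80",
    "198.57.217.170:8080", "45.56.122.75:80", "138.197.140.163:8080",
    "157.7.164.178:8081", "181.36.42.205:443", "212.112.113.235:80",
    "185.45.24.254:7080", "144.76.62.10:8080", "201.196.15.79:990",
    "94.177.253.126:80", "113.52.135.33:7080", "189.218.243.150:443",
    "190.217.1.149:80", "190.55.39.215:80", "187.143.219.242:8080",
    "186.146.110.108:8080", "42.190.4.92:443",
]


def parse_c2(entries: Iterable[str]) -> Set[Tuple[str, int]]:
    """Validate each 'ip:port' entry and return a set of (ip, port) tuples.
    Strict parsing matters: a config extractor can emit junk, and junk must not
    silently become a firewall rule or a signature that never fires."""
    endpoints: Set[Tuple[str, int]] = set()
    for entry in entries:
        host, sep, port = entry.strip().rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry: {entry!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on anything that is not an IP
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"bad port in C2 entry: {entry!r}")
        endpoints.add((str(ip), port_num))
    return endpoints


C2_ENDPOINTS = parse_c2(EMOTET_EPOCH3_C2)
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}


def match_conn_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Scan Zeek conn.log-style TSV lines (assumed column order: ts, uid,
    id.orig_h, id.orig_p, id.resp_h, id.resp_p, ...) and return one hit per
    connection to a C2 endpoint. 'exact' is True for an ip:port match and
    False when only the IP is in the extracted config."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        if not line or line.startswith("#"):  # skip Zeek header lines
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p = fields[:6]
        try:
            resp_port = int(resp_p)
        except ValueError:
            continue
        if (resp_h, resp_port) in C2_ENDPOINTS:
            hits.append({"ts": ts, "uid": uid, "src": orig_h,
                         "dst": f"{resp_h}:{resp_port}", "exact": True})
        elif resp_h in C2_IPS:
            hits.append({"ts": ts, "uid": uid, "src": orig_h,
                         "dst": f"{resp_h}:{resp_port}", "exact": False})
    return hits


def suricata_rules(base_sid: int = 9000001) -> List[str]:
    """Emit one Suricata rule per extracted C2 endpoint. base_sid is an assumed
    local-rules starting point; choose one that does not collide with your ruleset."""
    rules = []
    for i, (ip, port) in enumerate(sorted(C2_ENDPOINTS)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch3 C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed conn.log excerpt for demonstration only; not traffic from this sample.
CONSTRUCTED_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1716982800.100\tCabc1\t10.0.0.25\t49712\t187.131.163.89\t7080\ttcp",  # exact C2 hit
    "1716982801.200\tCabc2\t10.0.0.25\t49713\t93.184.216.34\t443\ttcp",    # unrelated host
    "1716982802.300\tCabc3\t10.0.0.40\t49714\t45.56.122.75\t8080\ttcp",    # IP in config, port differs (config has :80)
    "1716982803.400\tCabc4\t10.0.0.40\t49715\t181.36.42.205\t443\ttcp",    # exact C2 hit
]

if __name__ == "__main__":
    for hit in match_conn_log(CONSTRUCTED_CONN_LOG):
        severity = "HIGH" if hit["exact"] else "MEDIUM"
        print(f'{severity}: {hit["src"]} -> {hit["dst"]} (uid {hit["uid"]})')
    print("\n".join(suricata_rules()))
```

Running the block prints two HIGH hits and one MEDIUM hit for the constructed lines, then the 20 rules. Because the rules are keyed on destination IP and port only, re-run the extractor against newer samples and regenerate rather than hand-editing: Emotet configs are rotated frequently, and stale rules are the usual reason this kind of detection goes quiet.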

Targets

    • Target: 80bf1f1227dd58ed1738c163dc9b2b44_JaffaCakes118


    • Emotet: a trojan, later used mainly as a loader for other malware, that is primarily spread through spam emails carrying malicious attachments or links.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks