General

  • Target

    82f7b7d46b7f7d2720ae2b6f25f0cddc_JaffaCakes118

  • Size

    258KB

  • Sample

    240530-eh3zsaef52

  • MD5

    82f7b7d46b7f7d2720ae2b6f25f0cddc

  • SHA1

    24283ee3378560245739f136dffa9d94863668d4

  • SHA256

    5f8093bc34b82ee85c4ebd3767c74573eea32660fb8354221d79620c404b2c19

  • SHA512

    610545e2b091481dd02da969111bac81c78331c582623a4bef4fd446b3f0d6cfa410c04980d6c8bfdcdf9da8a7d9ca939d6730deb7b2cba43b465553c8055403

  • SSDEEP

    6144:8OvjHC4lzb94HfwRG9eqoZTCpy539Nhvxg3cayb6GpWFX:9jHC4lzb94HfCXoMxpvxwrygFX

Malware Config

  • Extracted

  • Family

    emotet

  • Botnet

    Epoch1

  • C2

    187.188.166.192:80
    42.190.4.92:443
    170.130.31.177:8080
    51.255.165.160:8080
    45.56.79.249:443
    60.52.64.122:80
    190.182.161.7:8080
    86.42.166.147:80
    91.83.93.124:7080
    186.1.41.111:443
    51.15.8.192:8080
    104.131.58.132:8080
    142.93.114.137:8080
    201.213.32.59:80
    163.172.40.218:7080
    190.230.60.129:80
    87.106.77.40:7080
    190.230.60.129:8080
    190.79.228.89:443
    178.249.187.151:8080

  • rsa_pubkey.plain

Targets

    • Target

      82f7b7d46b7f7d2720ae2b6f25f0cddc_JaffaCakes118 (258KB; hashes as listed under General above)

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)