General

  • Target

    83a2ef8f30c7a75b1ff86d066d29291d_JaffaCakes118

  • Size

    300KB

  • Sample

    240530-ktg5cadd34

  • MD5

    83a2ef8f30c7a75b1ff86d066d29291d

  • SHA1

    07fbf9c562b18901cd4f0bba45769d83be0c43fe

  • SHA256

    a4c1c37df78b626dd40ab4ba83d243690111e6f0fbe9cb8ec804e74ef406b9fd

  • SHA512

    989bbfad5455b198a9b0b18c3790fa9c757558369b9f2276883d946d3e614eda84ae871e5c169914a150044203e4a8c315b9ce1f7e931391a4afac9342f4fac3

  • SSDEEP

    6144:fnI1ftffXH4XfKIaDl8rKVgK02TjL+e9:w1fZ2fIJLt9

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2

    190.38.252.45:443
    105.225.77.21:80
    181.167.35.84:80
    164.68.115.146:8080
    5.189.148.98:8080
    46.105.128.215:8080
    69.30.205.162:7080
    190.161.67.63:80
    81.82.247.216:80
    72.69.99.47:80
    172.90.70.168:443
    91.117.31.181:80
    200.71.112.158:53
    51.77.113.97:8080
    190.101.87.170:80
    96.234.38.186:8080
    190.146.14.143:443
    86.70.224.211:80
    88.247.26.78:80
    175.103.239.50:80

  • rsa_pubkey.plain

Targets

    • Target

      83a2ef8f30c7a75b1ff86d066d29291d_JaffaCakes118

    • Size

      300KB

    • MD5

      83a2ef8f30c7a75b1ff86d066d29291d

    • SHA1

      07fbf9c562b18901cd4f0bba45769d83be0c43fe

    • SHA256

      a4c1c37df78b626dd40ab4ba83d243690111e6f0fbe9cb8ec804e74ef406b9fd

    • SHA512

      989bbfad5455b198a9b0b18c3790fa9c757558369b9f2276883d946d3e614eda84ae871e5c169914a150044203e4a8c315b9ce1f7e931391a4afac9342f4fac3

    • SSDEEP

      6144:fnI1ftffXH4XfKIaDl8rKVgK02TjL+e9:w1fZ2fIJLt9

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks