General

  • Target

    83dd8be977dc1dbcac4463e666c7ad33_JaffaCakes118

  • Size

    632KB

  • Sample

    240530-l8yw3seh55

  • MD5

    83dd8be977dc1dbcac4463e666c7ad33

  • SHA1

    1fdb855b7aeb3b984c24d540980ae0e24c46f66a

  • SHA256

    b0a7903a6fe77b221c51bee2f0575f0f97b3d63ba9ee351d33266d78536bfd2f

  • SHA512

    a1cc7289f99979b566c0e623e77d75513db9cde8e57304346751fd14bbf47e9bbc04cc4d242e63d37b1650d6d81ca412af03a89b4f33bc9ce4bf8efc03486761

  • SSDEEP

    12288:BCjBePRPHFPikH0+IQmOZJ6+Px7ZFp5LPHJ:jPdikU+IQ1Zt7ZFPHJ

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks