General

  • Target

    84184cab629d2945d690aa0558bf5fa8_JaffaCakes118

  • Size

    232KB

  • Sample

    240530-nrpcesgg95

  • MD5

    84184cab629d2945d690aa0558bf5fa8

  • SHA1

    29a144e1644cabafd847f868969fedf09397bd68

  • SHA256

    ffee1d74c020a8010b38743031646ae6409e219d0e03c5696e40186e8e5e0a24

  • SHA512

    6cfdc6743f21416555c5b6f30101b16ce42439d562a5c299050e7eb3cbca34ca09947fe5d55ee4dffab59398e78e08d0cba91d3bccaafc16543e974fc5b9a353

  • SSDEEP

    3072:nFKmjt/NNzfr4/w4bhrmjqZ7kjHfZ1RqF+pUO6bd+kpgANA/y2oNj/:nLZN1r4PbhiK6HfZ1RqFwUTbXgANA/U

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

195.201.56.70:80

91.205.173.54:8080

163.172.97.112:8080

138.197.140.163:8080

83.169.33.157:8080

119.159.150.176:443

95.216.207.86:7080

154.120.227.206:8080

200.55.168.82:20

190.128.222.14:80

193.34.144.138:8080

195.201.56.68:7080

78.46.87.133:8080

172.104.70.207:8080

46.17.6.116:8080

216.75.37.196:8080

157.7.164.178:8081

187.177.155.123:990

139.162.185.116:443

191.100.24.201:50000

rsa_pubkey.plain
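The C2 list above is the most actionable part of this config: each entry is a destination IP and port the sample will try in turn. As an added example (not part of the original report or of any Triage tooling), the script below parses that list, checks each address is a valid IP, matches it against a few constructed firewall log lines, and emits local-range Suricata rules for the pairs. The log format, the sample log lines and the sid range are assumptions for illustration.

```python
"""Turn the extracted Emotet Epoch3 C2 list into detection artifacts.

Added example: parse "ip:port" entries, match them against connection
log lines, and generate Suricata rules. Log lines are constructed.
"""
import ipaddress
import re

# C2 entries copied verbatim from the "Malware Config" section above.
C2_LIST = """
195.201.56.70:80
91.205.173.54:8080
163.172.97.112:8080
138.197.140.163:8080
83.169.33.157:8080
119.159.150.176:443
95.216.207.86:7080
154.120.227.206:8080
200.55.168.82:20
190.128.222.14:80
193.34.144.138:8080
195.201.56.68:7080
78.46.87.133:8080
172.104.70.207:8080
46.17.6.116:8080
216.75.37.196:8080
157.7.164.178:8081
187.177.155.123:990
139.162.185.116:443
191.100.24.201:50000
"""

# Assumed log layout: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) (?P<proto>\w+)$"
)

# Constructed sample connection log (not from the sandbox run).
SAMPLE_LOG = [
    "2024-05-30T12:00:01Z 10.0.0.15:49211 -> 195.201.56.70:80 TCP",
    "2024-05-30T12:00:03Z 10.0.0.15:49212 -> 142.250.74.46:443 TCP",
    "2024-05-30T12:00:07Z 10.0.0.22:51900 -> 187.177.155.123:990 TCP",
    "2024-05-30T12:00:09Z 10.0.0.22:51901 -> 187.177.155.123:443 TCP",
]


def parse_c2_list(text):
    """Return a set of (ip, port) tuples; raises ValueError on a bad IP/port."""
    pairs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        ip = ipaddress.ip_address(host)  # validates the address
        pairs.add((str(ip), int(port)))
    return pairs


def match_log(lines, c2, ip_only=False):
    """Flag connections whose destination matches a C2 entry.

    Exact (ip, port) matches are always reported. With ip_only=True a
    connection to a C2 IP on any other port is reported as a weak match.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        key = (m["dst"], int(m["dport"]))
        if key in c2:
            kind = "exact"
        elif ip_only and m["dst"] in c2_ips:
            kind = "ip-only"
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"],
                     "c2": f"{key[0]}:{key[1]}", "match": kind})
    return hits


def suricata_rules(c2, sid_base=1000001):
    """One rule per C2 pair; sid_base is an assumed local sid range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch3 C2 contact {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2_list(C2_LIST)
    for hit in match_log(SAMPLE_LOG, c2, ip_only=True):
        print(hit)
    print("\n".join(suricata_rules(c2)))
```

Match on the full destination pair rather than the port: the list mixes 80, 8080 and 443 with ports that look like FTP-data (20), FTPS (990) and an ephemeral high port (50000), so a port-based egress filter will not catch all of them. The ip-only mode is worth running over historical logs, since Emotet infrastructure rotates ports between config versions.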

Targets

    • Emotet

      Emotet is a modular banking trojan and malware loader that is primarily spread through spam emails carrying malicious document attachments or links, and that is used to deliver additional payloads.

    • Drops file in System32 directory
