General

  • Target

    847d017e883b57c848cc2cf55f04c168_JaffaCakes118

  • Size

    492KB

  • Sample

    240530-rwvxjscg85

  • MD5

    847d017e883b57c848cc2cf55f04c168

  • SHA1

    a9485fbb4b87e375e5bfb2d43535c8ad942b5c23

  • SHA256

    c59184f1d8a0b5da7d480c723fc8e29aaeb1017dec934a0c6822a2068a4df1e1

  • SHA512

    a30acd4c16138cef5dd88b85751a7c9e3d90b3c48c48fb52ca9b73e9efc5662808bcd0e245fb4d05c8c8f48a6b65bc61dcea5ef2fb57c9f21c24d98d29da147d

  • SSDEEP

    12288:mn8Kiw13yXFMDEZpXsRaI2QQlF+kzZZgZ:mntiwlqM08RaIjwZZ

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

201.183.247.58:443

113.170.129.113:443

80.240.141.141:7080

185.187.198.10:8080

178.249.187.151:8080

189.166.68.89:443

119.59.124.163:8080

190.230.60.129:80

190.104.253.234:990

183.82.97.25:80

46.41.151.103:8080

5.196.35.138:7080

77.55.211.77:8080

89.188.124.145:443

170.84.133.72:8443

190.38.14.52:80

81.169.140.14:443

46.21.105.59:8080

71.244.60.231:7080

46.163.144.228:80

rsa_pubkey.plain
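The C2 list above is the actionable part of this report. As an added example (not part of the sandbox report or the Emotet configuration itself), the following Python parses the extracted ip:port pairs, summarises which ports the botnet is using, emits Suricata rules for them, and retro-hunts a few firewall log lines for contact with any listed server. The C2 entries are copied from the report; the log format, the log lines, and the Suricata sid range are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Emotet Epoch1 C2 list as extracted in the report above (ip:port per line).
C2_LIST = """
201.183.247.58:443
113.170.129.113:443
80.240.141.141:7080
185.187.198.10:8080
178.249.187.151:8080
189.166.68.89:443
119.59.124.163:8080
190.230.60.129:80
190.104.253.234:990
183.82.97.25:80
46.41.151.103:8080
5.196.35.138:7080
77.55.211.77:8080
89.188.124.145:443
170.84.133.72:8443
190.38.14.52:80
81.169.140.14:443
46.21.105.59:8080
71.244.60.231:7080
46.163.144.228:80
"""


def parse_c2(text):
    """Parse 'ip:port' lines into a set of (ip, port) tuples; rejects malformed IPs."""
    c2 = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, _, port = line.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError on a bad entry
        c2.add((host, int(port)))
    return c2


def port_histogram(c2):
    """Count how many C2 servers listen on each port (Emotet mixes 80/443 with odd ports)."""
    return Counter(port for _, port in c2)


def suricata_rules(c2, sid_base=9000000):
    """Emit one Suricata alert rule per C2 pair. sid_base is an assumed local-rule range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2, key=lambda x: (x[1], x[0]))):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch1 C2 {ip}:{port}"; sid:{sid_base + i}; rev:1;)'
        )
    return rules


# Constructed firewall log lines (not from the report), in an assumed
# "timestamp src_ip dst_ip dst_port action" format. The port-21 line goes to a
# listed IP on a port that is NOT in the config, so it must not match.
SAMPLE_LOG = """
2024-05-30T10:01:12Z 10.0.0.5 201.183.247.58 443 allow
2024-05-30T10:01:15Z 10.0.0.5 142.250.74.78 443 allow
2024-05-30T10:02:03Z 10.0.0.7 190.104.253.234 990 allow
2024-05-30T10:02:10Z 10.0.0.7 190.104.253.234 21 allow
2024-05-30T10:03:44Z 10.0.0.9 80.240.141.141 7080 deny
"""


def match_log(log_text, c2):
    """Return (timestamp, src, dst, dport, action) for lines hitting an exact C2 ip:port pair."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, action = parts
        if (dst, int(dport)) in c2:
            hits.append((ts, src, dst, int(dport), action))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(C2_LIST)
    print("ports:", dict(port_histogram(c2)))
    for rule in suricata_rules(c2)[:3]:
        print(rule)
    for hit in match_log(SAMPLE_LOG, c2):
        print("HIT", *hit)
```

Matching on the (ip, port) pair rather than on the IP alone is deliberate: Emotet C2 nodes are frequently compromised third-party hosts, so traffic to the same address on an unrelated port is not evidence of infection. The list is also specific to this sample's Epoch and changes between builds, so it is better suited to a retro-hunt over existing logs than to a permanent block list.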

Targets

    • Emotet

      Emotet is a modular trojan and malware loader, spread primarily through malicious spam (malspam) attachments and links; once running it contacts the C2 servers listed in its configuration to fetch additional payloads.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks