General

  • Target

    8d4134823512a96c88fde20832ea4c2a_JaffaCakes118

  • Size

    640KB

  • Sample

    240602-hwr18aed6v

  • MD5

    8d4134823512a96c88fde20832ea4c2a

  • SHA1

    ef359c134ca0b3eec0030b89832b0a77bbfbf868

  • SHA256

    195857546e3488d033407e7e2e0c10b01c4b535f99362684b27cad7965ec7d50

  • SHA512

    78688593773c349133c0353bc67911cf9366b8ef54d528459836e38e9ad935093df48e3382b8e42d07e9148cf931445ea378c97f1786dd7041ec626c302b8516

  • SSDEEP

    12288:UphSRoPQfYGRWDr/ZxQko0WYNkjChkljXjj8AXH:UHL6WDDWY6FjzI+

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

104.236.137.72:8080

172.104.233.225:8080

213.189.36.51:8080

85.234.143.94:8080

186.23.132.93:990

142.127.57.63:8080

149.62.173.247:8080

86.42.166.147:80

181.36.42.205:443

201.190.133.235:8080

88.250.223.190:8080

181.231.62.54:80

190.146.131.105:8080

200.123.101.90:80

212.71.237.140:8080

187.230.99.192:443

190.17.42.79:80

119.59.124.163:8080

86.142.102.191:8443

203.130.0.69:80

rsa_pubkey.plain
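The extracted config above is the actionable part of this report: twenty Epoch1 C2 endpoints as ip:port pairs. The following is an added example (not part of the sandbox report or of any vendor tooling) showing how a practitioner would operationalise that list: parse and validate the entries, emit Suricata rules for them, and match them against connection logs. The log format and the `dst=`/`dport=` field names are assumptions, the log lines are constructed, and the rule SID base is hypothetical.

```python
import ipaddress
import re

# Emotet Epoch1 C2 endpoints exactly as listed in this report's extracted config.
C2_ENDPOINTS = """
104.236.137.72:8080
172.104.233.225:8080
213.189.36.51:8080
85.234.143.94:8080
186.23.132.93:990
142.127.57.63:8080
149.62.173.247:8080
86.42.166.147:80
181.36.42.205:443
201.190.133.235:8080
88.250.223.190:8080
181.231.62.54:80
190.146.131.105:8080
200.123.101.90:80
212.71.237.140:8080
187.230.99.192:443
190.17.42.79:80
119.59.124.163:8080
86.142.102.191:8443
203.130.0.69:80
"""


def parse_c2(text):
    """Turn 'ip:port' lines into a set of (ip, port) tuples.

    Malformed lines raise instead of being silently skipped, so a bad copy of
    the config does not produce a quietly shorter blocklist.
    """
    endpoints = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry: {line!r}")
        ip = ipaddress.ip_address(host)          # raises on a non-IP host
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry: {line!r}")
        endpoints.add((str(ip), port))
    return endpoints


def suricata_rules(endpoints, sid_base=9000000):
    """Emit one Suricata rule per endpoint. sid_base is a hypothetical local range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch1 C2 {ip}:{port}"; sid:{sid_base + i}; rev:1;)'
        )
    return rules


# Constructed connection-log sample (assumed key=value format, not from the report).
# 192.0.2.10 is a documentation address standing in for benign traffic.
SAMPLE_LOG = """
2024-06-02T09:14:03Z src=10.0.0.15 dst=104.236.137.72 dport=8080 proto=tcp bytes=1842
2024-06-02T09:14:09Z src=10.0.0.15 dst=192.0.2.10 dport=443 proto=tcp bytes=5120
2024-06-02T09:15:27Z src=10.0.0.22 dst=86.42.166.147 dport=443 proto=tcp bytes=912
2024-06-02T09:16:01Z src=10.0.0.22 dst=181.36.42.205 dport=443 proto=tcp bytes=3300
"""

LOG_RE = re.compile(r"dst=(?P<ip>[0-9.]+)\s+dport=(?P<port>\d+)")


def find_c2_hits(log_text, endpoints, ip_only=False):
    """Return log lines whose destination matches a C2 endpoint.

    With ip_only=False only the exact ip:port pair counts (high confidence).
    With ip_only=True any port to a listed IP counts (wider net, more noise).
    """
    ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        key = (m.group("ip"), int(m.group("port")))
        if key in endpoints or (ip_only and key[0] in ips):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    c2 = parse_c2(C2_ENDPOINTS)
    print(f"{len(c2)} C2 endpoints parsed")
    for rule in suricata_rules(c2)[:3]:
        print(rule)
    for hit in find_c2_hits(SAMPLE_LOG, c2):
        print("C2 hit:", hit)
```

The exact-tuple match is what you want for alerting; the `ip_only` mode is for retrospective hunting, where the third sample line (a listed IP on an unlisted port) becomes a lead rather than a confirmed hit. C2 addresses in sandbox configs age quickly and some are compromised legitimate hosts, so treat the list as a hunting and blocking input to be reviewed, not as a permanent blocklist.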

Targets

    • Target

      8d4134823512a96c88fde20832ea4c2a_JaffaCakes118

    • Emotet

      Emotet is a modular trojan and malware loader, primarily spread through malicious spam emails; once installed it retrieves further payloads and instructions from its C2 infrastructure.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks