General

  • Target

    8e933c17f526847fcffac71fa0cfea07_JaffaCakes118

  • Size

    321KB

  • Sample

    240602-s2dqwsfg4t

  • MD5

    8e933c17f526847fcffac71fa0cfea07

  • SHA1

    bdaed72b0cf4d4ed233c23ecf854d4d10a7f1a4e

  • SHA256

    4655f0c946b4abcf4b7d740ac494bf8df5a67382ffd620f684cf79e30c20f1b8

  • SHA512

    4b4eda80a1b3196bebbc8634449ec57544d81e8eaee8273b2c991b096b1f9f20fc00ad1954f023637a9cd740ed460d12d5b18d4cd763589dd048bdf3b71660e6

  • SSDEEP

    6144:Xi4444444444444444444444444444444444444444444444444444444444444t:S444444444444444444444444444444o

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

187.188.166.192:80

42.190.4.92:443

170.130.31.177:8080

51.255.165.160:8080

45.56.79.249:443

60.52.64.122:80

190.182.161.7:8080

86.42.166.147:80

91.83.93.124:7080

186.1.41.111:443

51.15.8.192:8080

104.131.58.132:8080

142.93.114.137:8080

201.213.32.59:80

163.172.40.218:7080

190.230.60.129:80

87.106.77.40:7080

190.230.60.129:8080

190.79.228.89:443

178.249.187.151:8080

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks