emotet | a98c45e1227fd55cbbf1866e76813530_JaffaCakes118

General

Target

a98c45e1227fd55cbbf1866e76813530_JaffaCakes118
Size

62KB
MD5

a98c45e1227fd55cbbf1866e76813530
SHA1

e4686b2df713d75e82226a4e93044b10b4c3b28d
SHA256

9e0143f7fe9f992c3bed066c5c2f5ca31e862493217421d8ab39c4eb3f04c385
SHA512

7818908a5d9f3b545d73730b496b7e049743c59e7408e8314cb8714fa237c8f6a9aadf814d22d9df6813061e8103cee781291bd542f4354ab7546c8f6dada1a4
SSDEEP

1536:4ABSiu85ZhssK0Xvkv96rksc/cqNcigRSMe+K0irHae0IAiSt:nLZhsUXvkF3/cqNdgR2Wt

Score

10^/10

epoch3 emotet

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

173.249.157.58:8080

91.109.5.28:8080

108.179.216.46:8080

70.45.30.28:80

51.38.134.203:8080

181.97.70.132:8080

203.99.182.135:443

176.58.93.123:80

95.216.207.86:7080

200.114.134.8:20

138.197.140.163:8080

212.112.113.235:80

192.241.220.183:8080

94.177.253.126:80

186.10.16.244:53

181.57.102.203:8080

190.55.86.138:8443

93.78.205.196:443

181.53.252.85:990

110.36.234.146:80

rsa_pubkey.plain

Signatures

Emotet family
emotet

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a98c45e1227fd55cbbf1866e76813530_JaffaCakes118

Files

a98c45e1227fd55cbbf1866e76813530_JaffaCakes118
.exe windows:6 windows x86 arch:x86

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsProcessorFeaturePresent

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

009889c73bd2e55113bf6dfa5f395e0d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 1024B - Virtual size: 1012B