Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ad34cf2826fba00037f36122d68a7956_JaffaCakes118

  • Size

    672KB

  • Sample

    240615-hgjras1erb

  • MD5

    ad34cf2826fba00037f36122d68a7956

  • SHA1

    8620ef61c30021d7954a8813246a94e764cda892

  • SHA256

    2896ab3c7791ec300a43427d837ebd16697e0d19a31440e1ace1741944292d01

  • SHA512

    0da99af6de405ba2689e9b559e4f18cb085ba3463ec15ab95d7e70b05bbb7d93a7e9fa55c0abd9e4a1a75eb82071e835b9c48d0db4df3c1156e9b9e808b65d53

  • SSDEEP

    6144:PtEkXzqXV4beq+3nzgmF3JhpolOrJ5zcEKM5fkLaMiLgLWL7SqaaYo5wzPLNQOIG:PtZb03nzgU3yOrnzt6zEPdAH4c

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

116.91.240.96:80

167.71.227.113:8080

190.85.46.52:7080

162.144.42.60:8080

202.166.170.43:80

95.216.205.155:8080

120.51.34.254:80

103.93.220.182:80

111.89.241.139:80

60.125.114.64:443

45.177.120.37:8080

185.86.148.68:443

75.127.14.170:8080

119.92.77.17:80

203.153.216.178:7080

172.96.190.154:8080

179.5.118.12:80

153.229.219.1:443

139.59.12.63:8080

115.79.195.246:80

rsa_pubkey.plain

Targets

    • Target

      ad34cf2826fba00037f36122d68a7956_JaffaCakes118

    • Size

      672KB

    • MD5

      ad34cf2826fba00037f36122d68a7956

    • SHA1

      8620ef61c30021d7954a8813246a94e764cda892

    • SHA256

      2896ab3c7791ec300a43427d837ebd16697e0d19a31440e1ace1741944292d01

    • SHA512

      0da99af6de405ba2689e9b559e4f18cb085ba3463ec15ab95d7e70b05bbb7d93a7e9fa55c0abd9e4a1a75eb82071e835b9c48d0db4df3c1156e9b9e808b65d53

    • SSDEEP

      6144:PtEkXzqXV4beq+3nzgmF3JhpolOrJ5zcEKM5fkLaMiLgLWL7SqaaYo5wzPLNQOIG:PtZb03nzgU3yOrnzt6zEPdAH4c

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Matrix

Tasks