General

  • Target

    b0f186125d77cb97028153ca6e07ae17_JaffaCakes118

  • Size

    308KB

  • Sample

    240616-a1nklasakg

  • MD5

    b0f186125d77cb97028153ca6e07ae17

  • SHA1

    e62c55dffcf6ab34aa69c3491a836e86a45c01c6

  • SHA256

    d65efdf131815ec04855dcef2bcf6124e5ee5726e2ca8388dbab1407e5f323bc

  • SHA512

    31869e9a7ee617a89e699b9af143964ca63cfa909198434d4a749d3c508bc5414e2f00b9aaad0efb985d6f53104f466876535c5ec34fbe5f24b8bf0254246835

  • SSDEEP

    3072:CQKLpAnbjb8rnHxEg7S/dssLwIznWEsPmQoaAgWXOW2OPuvB/2gshlX+y6rrIQ:xK1gIrnHi4SVss8wsNWXOxeup/7UXl6F

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

113.61.76.239:80

111.125.71.22:8080

80.11.158.65:8080

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

80.85.87.122:8080

190.146.131.105:8080

201.213.32.59:80

192.241.146.84:8080

83.165.163.225:80

63.246.252.234:80

181.198.203.45:443

109.169.86.13:8080

45.50.177.164:80

190.97.30.167:990

5.196.35.138:7080

181.36.42.205:443

119.59.124.163:8080

181.231.62.54:80

rsa_pubkey.plain
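The hashes in the General section and the extracted Epoch1 C2 list above are the two things a defender actually consumes from a report like this. The following is an added example, not part of the sandbox report or of any vendor tool: it verifies that a file on disk is the reported sample by hashing it once with all four algorithms, validates the C2 entries before turning them into Suricata rules, and checks constructed netflow-style log lines against the C2 set. The log line format, the SID range and the sample log lines are assumptions made for the demo.

```python
"""Hash triage plus C2 detection from an Emotet sandbox report (added example)."""
import hashlib
import ipaddress
import re
from typing import Dict, Iterable, List, Set, Tuple

# Hashes copied from the report's General section.
REPORTED_HASHES = {
    "md5": "b0f186125d77cb97028153ca6e07ae17",
    "sha1": "e62c55dffcf6ab34aa69c3491a836e86a45c01c6",
    "sha256": "d65efdf131815ec04855dcef2bcf6124e5ee5726e2ca8388dbab1407e5f323bc",
    "sha512": "31869e9a7ee617a89e699b9af143964ca63cfa909198434d4a749d3c508bc5414e2f00b9aaad0efb985d6f53104f466876535c5ec34fbe5f24b8bf0254246835",
}

# C2 endpoints copied verbatim from the report's extracted config (Epoch1).
C2_RAW = """
113.61.76.239:80
111.125.71.22:8080
80.11.158.65:8080
96.126.121.64:443
104.236.137.72:8080
85.234.143.94:8080
80.85.87.122:8080
190.146.131.105:8080
201.213.32.59:80
192.241.146.84:8080
83.165.163.225:80
63.246.252.234:80
181.198.203.45:443
109.169.86.13:8080
45.50.177.164:80
190.97.30.167:990
5.196.35.138:7080
181.36.42.205:443
119.59.124.163:8080
181.231.62.54:80
"""


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute md5/sha1/sha256/sha512 in a single pass so large files are read once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk through hash_stream()."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def matches_report(digests: Dict[str, str], reported: Dict[str, str] = REPORTED_HASHES) -> Dict[str, bool]:
    """Per-algorithm comparison (case-insensitive); any False means it is not this sample."""
    return {name: digests.get(name, "").lower() == value.lower() for name, value in reported.items()}


def parse_c2_list(raw: str) -> List[Tuple[str, int]]:
    """Parse 'ip:port' lines, rejecting non-public addresses and bad ports so a
    typo in a report never becomes a rule that blocks internal traffic."""
    endpoints: List[Tuple[str, int]] = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port_s = line.rpartition(":")
        if not sep or not port_s.isdigit():
            raise ValueError(f"malformed C2 entry: {line!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on garbage
        port = int(port_s)
        if not (1 <= port <= 65535) or not ip.is_global:
            raise ValueError(f"rejected C2 entry: {line!r}")
        endpoints.append((str(ip), port))
    return endpoints


def suricata_rules(endpoints: List[Tuple[str, int]], sid_base: int = 9000001) -> List[str]:
    """One rule per endpoint. Emotet carries HTTP over whatever port the config lists
    (80, 443, 990, 7080, 8080 above), so match on IP and port, not on a protocol keyword.
    sid_base is an assumed local SID range; adjust to your own allocation."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} (msg:"Emotet Epoch1 C2 {ip}:{port}"; '
        f"flow:to_server,established; sid:{sid_base + i}; rev:1;)"
        for i, (ip, port) in enumerate(endpoints)
    ]


# Assumed netflow-style export format and constructed sample lines, not real traffic.
LOG_LINE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
SAMPLE_LOGS = [
    "2024-06-16T10:01:02Z src=10.0.0.5 dst=96.126.121.64 dport=443 proto=tcp bytes=1820",
    "2024-06-16T10:01:05Z src=10.0.0.5 dst=142.250.80.46 dport=443 proto=tcp bytes=5120",
    "2024-06-16T10:02:11Z src=10.0.0.9 dst=190.97.30.167 dport=990 proto=tcp bytes=940",
    "2024-06-16T10:02:13Z src=10.0.0.9 dst=190.97.30.167 dport=80 proto=tcp bytes=300",
]


def find_c2_hits(log_lines: Iterable[str], endpoints: List[Tuple[str, int]]) -> List[Tuple[str, str, int]]:
    """Return (src, dst, dport) for each connection whose destination is a listed C2.
    The match is on the (ip, port) pair: 190.97.30.167 is only a C2 on port 990."""
    wanted: Set[Tuple[str, int]] = set(endpoints)
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if m and (m["dst"], int(m["dport"])) in wanted:
            hits.append((m["src"], m["dst"], int(m["dport"])))
    return hits


if __name__ == "__main__":
    c2 = parse_c2_list(C2_RAW)
    print("\n".join(suricata_rules(c2)))
    print(find_c2_hits(SAMPLE_LOGS, c2))
```

To confirm a file is this sample, run `matches_report(hash_file(path))`; all four values must be True. The last constructed log line deliberately reuses a C2 address on the wrong port to show that the match is on the full endpoint, which is what the config gives you; if you prefer to alert on the bare IP, drop the port from the key and expect more noise.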

Targets

    • Target

      b0f186125d77cb97028153ca6e07ae17_JaffaCakes118

    • Emotet

      Emotet is a modular trojan and malware loader that is primarily spread through spam emails carrying malicious attachments or links; once installed it fetches additional modules and other malware from its C2 servers. The "Epoch1" botnet label identifies one of Emotet's separately operated C2 infrastructures, each with its own server list and RSA key, so the C2 addresses above apply to that epoch only.

    • Drops file in System32 directory
