General

  • Target: b21ff770ae277af1821b58a5fc1823a7_JaffaCakes118

  • Size: 272KB

  • Sample: 240616-g7887ssgrb

  • MD5: b21ff770ae277af1821b58a5fc1823a7

  • SHA1: 426655cfdfaf903c4039c718e62d4379c2e1ff86

  • SHA256: ea6f1cdd46e2032451ae51d2016777b4060afb896f67df3e57ea2dcf9b02015a

  • SHA512: 14f4aac86441d0bf486f64d881ac6f9665c617882c277bd17b076dbb700c6ce80b57d659070570fae5b57071ee306c9592c3fc20c207256a923d94dc8c51510e

  • SSDEEP: 6144:ADC5yQfvp9e4YbTaPnEu/+6i5j0RgUJWIafGX40T:oCBfvLoaPDHiEJgfOn

Malware Config

Extracted

  • Family: emotet

  • Botnet: Epoch3

  • C2:

    118.110.236.121:8080
    149.202.5.139:443
    153.92.4.96:8080
    51.75.163.68:7080
    143.95.101.72:8080
    190.225.150.234:80
    186.227.146.102:80
    181.137.229.1:80
    175.29.183.2:80
    77.74.78.80:443
    175.139.144.229:8080
    222.159.240.58:80
    190.55.186.229:80
    190.190.15.20:80
    157.245.138.101:7080
    46.32.229.152:8080
    195.201.56.70:8080
    198.57.203.63:8080
    157.7.164.178:8081
    189.39.32.161:80

  • rsa_pubkey.plain

Targets

    • Target: b21ff770ae277af1821b58a5fc1823a7_JaffaCakes118

    • Size: 272KB

    • MD5: b21ff770ae277af1821b58a5fc1823a7

    • SHA1: 426655cfdfaf903c4039c718e62d4379c2e1ff86

    • SHA256: ea6f1cdd46e2032451ae51d2016777b4060afb896f67df3e57ea2dcf9b02015a

    • SHA512: 14f4aac86441d0bf486f64d881ac6f9665c617882c277bd17b076dbb700c6ce80b57d659070570fae5b57071ee306c9592c3fc20c207256a923d94dc8c51510e

    • SSDEEP: 6144:ADC5yQfvp9e4YbTaPnEu/+6i5j0RgUJWIafGX40T:oCBfvLoaPDHiEJgfOn

    • Emotet: Emotet is a trojan that is primarily spread through spam emails.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks