General

  • Target

    b36fad72f50f18d1ec397cf75b24f64e_JaffaCakes118

  • Size

    614KB

  • Sample

    240616-pchf1awhjq

  • MD5

    b36fad72f50f18d1ec397cf75b24f64e

  • SHA1

    da631b420492d07c2c8cc4f644e4087e125d55cc

  • SHA256

    d2803d1c6c24ea634dbfd5d713d4b0c0e24e7c0924c0ce211541605238f84b81

  • SHA512

    79209d5e9054eb6b3607346c1e148bef5148e59de20cf8d91a4ef1a8ab5361e9f6a1914bba8b9ca6c30b990e5d06c131027faff43c81727b5654d578bb03cb2b

  • SSDEEP

    12288:lN/AyFWK57UTGLUx/pihP0J2QuH68ntQSPEVAGiomAP:XAyFWK57wG+/pihP0AQuTnt7PEVAGrP

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

181.198.203.45:443

70.45.30.28:80

211.110.229.161:443

193.34.144.138:8080

74.208.173.91:8080

154.120.227.206:8080

124.150.175.133:80

192.163.221.191:8080

95.216.207.86:7080

142.93.87.198:8080

216.75.37.196:8080

181.47.235.26:993

198.57.217.170:8080

176.58.93.123:80

94.177.253.126:80

83.169.33.157:8080

186.18.224.149:80

157.7.164.178:8081

192.241.220.183:8080

216.70.88.55:8080

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks