General

  • Target

    b6188fbff2183d60edd6cb72dd140094_JaffaCakes118

  • Size

    544KB

  • Sample

    240617-bfj74s1dqr

  • MD5

    b6188fbff2183d60edd6cb72dd140094

  • SHA1

    7f8a91fc6420e3cb86b9b78a4e9f7d9df8dbdd6b

  • SHA256

    13555ca7cbfd7ce549efe040d0df22de89b878cad3a21ca43a2e1a71769a749d

  • SHA512

    3404e41e3a6fc20f58c34084fc04cd60f8b5f9c37403136d3551df66982ac6b42b2c7ffc21fcdfe37b0a52d4c4cd3d158ff37a599ad186aa2f9107f7bec44230

  • SSDEEP

    6144:LTp3XYyIMYUTgOBeWoavwiU0yk5C2222222222227pUnwXE1:LTp3XYBUEOBeGwiUZVCr1

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

82.239.200.118:80

185.81.158.15:8080

51.255.15.193:7080

85.25.207.108:8080

107.161.30.122:8080

113.161.148.81:80

74.208.173.91:8080

139.59.12.63:8080

188.0.135.237:80

2.144.244.204:443

87.106.231.60:8080

181.137.229.1:80

173.94.215.84:80

175.29.183.2:80

37.46.129.215:8080

86.57.216.23:80

181.126.54.234:80

190.212.140.6:80

46.105.131.68:8080

190.190.15.20:80

rsa_pubkey.plain
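Worked example (added here, not part of the sandbox report or its tooling): turning the extracted Epoch3 C2 list above into something a network defender can run. The script parses the host:port entries, matches them against firewall log lines and emits Suricata rules. The key=value log format, the regex and the sample log lines are constructed for illustration; the C2 entries are the twenty listed above.

```python
"""Network IOC matching for the Emotet Epoch3 C2 list extracted in this report.

Added example, not part of the sandbox report. The log format, the regex and
the sample log lines are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# The 20 C2 endpoints listed under Malware Config above (host:port).
EMOTET_EPOCH3_C2_TEXT = """
82.239.200.118:80
185.81.158.15:8080
51.255.15.193:7080
85.25.207.108:8080
107.161.30.122:8080
113.161.148.81:80
74.208.173.91:8080
139.59.12.63:8080
188.0.135.237:80
2.144.244.204:443
87.106.231.60:8080
181.137.229.1:80
173.94.215.84:80
175.29.183.2:80
37.46.129.215:8080
86.57.216.23:80
181.126.54.234:80
190.212.140.6:80
46.105.131.68:8080
190.190.15.20:80
"""


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2_list(text: str) -> set[C2Endpoint]:
    """Parse 'ip:port' lines; reject anything that is not a literal IP with a valid port."""
    endpoints: set[C2Endpoint] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, sep, port_str = line.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry: {line!r}")
        ipaddress.ip_address(host)  # raises ValueError on a non-IP host
        port = int(port_str)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry: {line!r}")
        endpoints.add(C2Endpoint(host, port))
    return endpoints


# Constructed firewall log lines in a simplified key=value format (not real traffic).
SAMPLE_FIREWALL_LOG = """\
2024-06-17T10:00:00Z src=10.0.0.5 dst=82.239.200.118 dport=80 proto=tcp action=allow
2024-06-17T10:00:01Z src=10.0.0.5 dst=203.0.113.10 dport=443 proto=tcp action=allow
2024-06-17T10:00:02Z src=10.0.0.7 dst=2.144.244.204 dport=80 proto=tcp action=allow
2024-06-17T10:00:03Z src=10.0.0.9 dst=198.51.100.25 dport=8080 proto=tcp action=deny
this line is malformed and must be skipped rather than crash the matcher
"""

LOG_RE = re.compile(r"\bdst=(?P<dst>[0-9a-fA-F.:]+)\s+dport=(?P<dport>\d+)")


def match_log(log_text: str, endpoints: set[C2Endpoint]) -> list[tuple[str, int, str]]:
    """Return (dst, dport, kind) for each line whose destination is a known C2.

    kind is 'exact' when address and port both match the extracted config and
    'ip-only' when only the address matches: the config lists 2.144.244.204:443,
    so a connection to that host on port 80 is weaker evidence and needs triage.
    """
    c2_ips = {e.ip for e in endpoints}
    hits: list[tuple[str, int, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m is None:
            continue  # malformed or unrelated line
        dst, dport = m["dst"], int(m["dport"])
        if C2Endpoint(dst, dport) in endpoints:
            hits.append((dst, dport, "exact"))
        elif dst in c2_ips:
            hits.append((dst, dport, "ip-only"))
    return hits


def suricata_rules(endpoints: set[C2Endpoint], base_sid: int = 9000000) -> list[str]:
    """Emit one outbound alert rule per C2 endpoint; sids are sequential from base_sid."""
    rules = []
    ordered = sorted(endpoints, key=lambda ep: (ep.ip, ep.port))
    for i, ep in enumerate(ordered):
        rules.append(
            f'alert tcp $HOME_NET any -> {ep.ip} {ep.port} '
            f'(msg:"Emotet Epoch3 C2 {ep.ip}:{ep.port}"; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2_list(EMOTET_EPOCH3_C2_TEXT)
    for hit in match_log(SAMPLE_FIREWALL_LOG, c2):
        print(hit)
    print("\n".join(suricata_rules(c2)))
```

Two caveats when using this. Emotet tier-1 C2 addresses churn and many were compromised third-party hosts, so a list from one config is a point-in-time indicator: scope the log search to the period around the sample, and treat 'ip-only' hits as leads rather than confirmations. The sid base is a placeholder; pick one from your local reserved range.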

Targets

    • Target

      b6188fbff2183d60edd6cb72dd140094_JaffaCakes118

    • Size

      544KB

    • MD5

      b6188fbff2183d60edd6cb72dd140094

    • SHA1

      7f8a91fc6420e3cb86b9b78a4e9f7d9df8dbdd6b

    • SHA256

      13555ca7cbfd7ce549efe040d0df22de89b878cad3a21ca43a2e1a71769a749d

    • SHA512

      3404e41e3a6fc20f58c34084fc04cd60f8b5f9c37403136d3551df66982ac6b42b2c7ffc21fcdfe37b0a52d4c4cd3d158ff37a599ad186aa2f9107f7bec44230

    • SSDEEP

      6144:LTp3XYyIMYUTgOBeWoavwiU0yk5C2222222222227pUnwXE1:LTp3XYBUEOBeGwiUZVCr1

    • Emotet

      Emotet is a modular trojan and malware loader, primarily spread through malicious spam (malspam) attachments and links, and used to deliver additional payloads once it has a foothold.

    • Executes dropped EXE

    • Drops file in System32 directory
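Worked example (added here, not part of the sandbox report or its signature engine) for the two behaviours flagged above: a file written into a Windows system directory and then executed. The check correlates Sysmon FileCreate (EventID 11) events with later ProcessCreate (EventID 1) events for the same path. The events below are a constructed, simplified subset of Sysmon fields; the paths and GUIDs are placeholders, and the inclusion of SysWOW64 as a system directory is an assumption.

```python
"""Host-side check: file dropped into a system directory, then executed.

Added example, not part of the sandbox report. EVENTS is a constructed,
simplified subset of Sysmon fields (EventID 11 = FileCreate, EventID 1 =
ProcessCreate); paths and GUIDs are placeholders.
"""
from __future__ import annotations

# Directories treated as "system" directories. SysWOW64 is included (assumption)
# because WOW64 file system redirection sends a 32-bit process's writes to
# System32 there on 64-bit Windows.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

FILE_CREATE = 11
PROCESS_CREATE = 1

DROPPER = "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe"   # placeholder
DROPPED = "C:\\Windows\\System32\\dropped_example.exe"            # placeholder

# Constructed events in the shape a JSON/EVTX exporter would give.
EVENTS = [
    {"EventID": PROCESS_CREATE, "UtcTime": "2024-06-17 10:00:00.000", "ProcessGuid": "{guid-A}",
     "Image": DROPPER, "ParentImage": "C:\\Windows\\explorer.exe"},
    # TrustedInstaller writing a DLL into System32 that is never executed: no hit.
    {"EventID": FILE_CREATE, "UtcTime": "2024-06-17 10:00:00.500", "ProcessGuid": "{guid-T}",
     "Image": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "TargetFilename": "C:\\Windows\\System32\\update_example.dll"},
    {"EventID": FILE_CREATE, "UtcTime": "2024-06-17 10:00:01.000", "ProcessGuid": "{guid-A}",
     "Image": DROPPER, "TargetFilename": DROPPED},
    # Same file started with a different path case, as Windows allows.
    {"EventID": PROCESS_CREATE, "UtcTime": "2024-06-17 10:00:02.000", "ProcessGuid": "{guid-B}",
     "Image": DROPPED.upper(), "ParentImage": DROPPER, "ParentProcessGuid": "{guid-A}"},
    # A normal system binary starting with no preceding create: no hit.
    {"EventID": PROCESS_CREATE, "UtcTime": "2024-06-17 10:00:03.000", "ProcessGuid": "{guid-C}",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "ParentImage": "C:\\Windows\\System32\\services.exe"},
]


def norm(path: str) -> str:
    """Case-insensitive, separator-normalised path key (NTFS is case-insensitive by default)."""
    return path.replace("/", "\\").lower()


def in_system_dir(path: str) -> bool:
    return norm(path).startswith(SYSTEM_DIRS)


def find_dropped_and_executed(events: list[dict]) -> list[dict]:
    """Correlate a FileCreate into a system dir with a later ProcessCreate of that file.

    Returns one record per execution of a dropped file, carrying the dropping
    process so the analyst can pivot to it.
    """
    dropped: dict[str, dict] = {}  # normalised target path -> FileCreate event
    hits: list[dict] = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):  # order matters for correlation
        if ev["EventID"] == FILE_CREATE and in_system_dir(ev["TargetFilename"]):
            dropped[norm(ev["TargetFilename"])] = ev
        elif ev["EventID"] == PROCESS_CREATE:
            origin = dropped.get(norm(ev["Image"]))
            if origin is not None:
                hits.append({
                    "dropped_file": origin["TargetFilename"],
                    "dropped_by": origin["Image"],
                    "created_at": origin["UtcTime"],
                    "executed_at": ev["UtcTime"],
                    "executed_by_parent": ev.get("ParentImage"),
                })
    return hits


if __name__ == "__main__":
    for hit in find_dropped_and_executed(EVENTS):
        print(hit)
```

In production the events arrive from Sysmon through a log shipper rather than an inline list, and legitimate installers also write and run binaries under System32, so the rule is a triage signal rather than a verdict: filter on the dropping process (user-writable paths such as Temp or AppData, as above) and on signature status before alerting.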
