General

  • Target

    09df7954cd926a36a5736bb215c058d4_JaffaCakes118

  • Size

    660KB

  • Sample

    240624-v5fe1athlf

  • MD5

    09df7954cd926a36a5736bb215c058d4

  • SHA1

    dd8482a168903ec55e28bcc811bd96c9b466f417

  • SHA256

    ed4532a4cfca2d06f30c964adfbcc6fc0215b3720caaa8f08919fff25103aa7d

  • SHA512

    7ec192f983b9bfe38099d719b59adc53e5551b358a4e783af7983c2a13067598871599f28872e7c49a54a40bc3b04e409a72ca9103565f9e0cdedbd648506ed4

  • SSDEEP

    6144:z8SpbDpqwF03JFhFB19koLgUKQFEexKBePm2QdjFKH67zM86f5muA2QDQh:xpbDp1avFn9kmfaNgPm25yzM868bfDC

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

203.99.182.135:443

181.97.70.132:8080

115.88.70.226:7080

203.150.19.63:443

216.154.222.52:7080

190.55.86.138:8443

125.99.61.162:7080

83.169.33.157:8080

197.211.244.6:443

80.227.67.18:20

176.58.93.123:80

201.244.125.210:995

186.93.167.147:443

190.96.118.15:443

41.60.202.26:22

139.59.242.76:8080

190.117.206.153:443

152.170.220.95:80

113.52.135.33:7080

181.113.229.139:990

rsa_pubkey.plain
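The Epoch3 C2 list extracted above is the most directly actionable part of this report. The following Python script is an added example, not part of the sandbox output: it normalises the report's IP:port pairs, scans Zeek conn.log-style connection records for traffic to them, and emits one Suricata rule per endpoint. The C2 addresses are copied from the config above; the log lines, the internal host addresses and the SID range are constructed for illustration. Exact IP:port matches are reported separately from port-agnostic IP matches, because a C2 host on an unlisted port may be carrying unrelated traffic and deserves triage rather than an alert.

```python
"""Match the Emotet Epoch3 C2 list from this report against connection logs.

Added example, not part of the sandbox report. The C2 endpoints are copied
from the report's extracted config; the log lines below are constructed for
illustration and are not real telemetry.
"""
import ipaddress
from typing import Iterable

# IP:port pairs exactly as listed under "Malware Config > C2" in the report.
C2_ENDPOINTS = """
203.99.182.135:443 181.97.70.132:8080 115.88.70.226:7080 203.150.19.63:443
216.154.222.52:7080 190.55.86.138:8443 125.99.61.162:7080 83.169.33.157:8080
197.211.244.6:443 80.227.67.18:20 176.58.93.123:80 201.244.125.210:995
186.93.167.147:443 190.96.118.15:443 41.60.202.26:22 139.59.242.76:8080
190.117.206.153:443 152.170.220.95:80 113.52.135.33:7080 181.113.229.139:990
""".split()

# Constructed Zeek conn.log-style TSV records (not real telemetry):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = [
    "1719200001.123\tCx1a2b\t10.0.0.15\t49812\t203.99.182.135\t443\ttcp",  # exact C2 hit
    "1719200002.456\tCx1a2c\t10.0.0.15\t49813\t142.250.72.14\t443\ttcp",   # unrelated
    "1719200003.789\tCx1a2d\t10.0.0.22\t51020\t176.58.93.123\t8080\ttcp",  # C2 IP, unlisted port
    "1719200004.012\tCx1a2e\t10.0.0.22\t51021\t80.227.67.18\t20\ttcp",     # exact C2 hit
    "1719200005.345\tCx1a2f\t10.0.0.40\t53\t8.8.8.8\t53\tudp",             # unrelated
]


def parse_endpoints(entries: Iterable[str]) -> set[tuple[str, int]]:
    """Validate 'ip:port' strings into (ip, port) tuples.

    ipaddress.ip_address() raises on anything that is not a literal IP, so a
    hostname or a typo in the IOC list fails loudly instead of silently
    producing a rule that never matches.
    """
    endpoints = set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        endpoints.add((str(ipaddress.ip_address(host)), int(port)))
    return endpoints


def match_c2(lines: Iterable[str], endpoints: set[tuple[str, int]]):
    """Scan conn.log records; return (exact_hits, ip_only_hits).

    exact_hits:   (src, dst, dport) where dst:dport is a listed C2 endpoint.
    ip_only_hits: dst is a listed C2 IP but the port is not in the config;
                  worth a look, but not an alert on its own.
    Emotet C2 is TCP, so UDP and malformed records are skipped.
    """
    c2_ips = {ip for ip, _ in endpoints}
    exact, ip_only = [], []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7 or fields[6] != "tcp":
            continue
        src, dst, dport = fields[2], fields[4], int(fields[5])
        if (dst, dport) in endpoints:
            exact.append((src, dst, dport))
        elif dst in c2_ips:
            ip_only.append((src, dst, dport))
    return exact, ip_only


def suricata_rules(endpoints: set[tuple[str, int]], sid_base: int = 9000001) -> list[str]:
    """One outbound-TCP Suricata rule per endpoint; sid_base is an assumed local SID range."""
    rules = []
    for offset, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch3 C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + offset}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_endpoints(C2_ENDPOINTS)
    exact, ip_only = match_c2(SAMPLE_CONN_LOG, c2)
    print("exact C2 connections:", exact)
    print("same IP, unlisted port:", ip_only)
    print("\n".join(suricata_rules(c2)))
```

Feed real conn.log output into `match_c2` a line at a time (skipping Zeek's `#` header lines) and load the generated rules into a local rules file; the SIDs must be adjusted to a range your deployment reserves for local rules.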

Targets

    • Target

      09df7954cd926a36a5736bb215c058d4_JaffaCakes118

    • Emotet

      Emotet is a modular trojan and malware loader, primarily spread through spam emails carrying malicious attachments or links. The Epoch3 label is the C2 infrastructure tier this sample's configuration points to; the extracted C2 list and RSA public key above come from that configuration.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks