General

  • Target

    21f6a3c70a5bca881d9668c14235f9f1_JaffaCakes118

  • Size

    617KB

  • Sample

    240703-l5mdwa1frk

  • MD5

    21f6a3c70a5bca881d9668c14235f9f1

  • SHA1

    15a718631cf1b52f8351162f8fe5375a48e5e788

  • SHA256

    1f206d85f668877579b971103bfcde2f1ee88e69fc3d43249a8c357da5ec3d9e

  • SHA512

    979415784f86e162656afa3911314a5957a481d41fb93ec0875d51b3e2de953743d92e2d3b3143c098d9dbb0b954dd0e930de4f547622fb01e9954ff0f72f56e

  • SSDEEP

    12288:OYzchQVZnkmt/70MWugxPJZFpf0c1pHMbdJ8CA88fzsBsI3+Dc:B4KV5Hpt8bZHLU+CSfasO+

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch1

  • C2

    84.232.229.24:80
    51.255.203.164:8080
    217.160.169.110:8080
    185.183.16.47:80
    190.45.24.210:80
    187.162.248.237:80
    93.146.143.191:80
    185.94.252.27:443
    143.0.85.206:7080
    80.15.100.37:80
    85.105.239.184:443
    94.176.234.118:443
    62.84.75.50:80
    137.74.106.111:7080
    172.104.169.32:8080
    46.105.114.137:8080
    94.126.8.1:80
    78.206.229.130:80
    93.149.120.214:80
    192.175.111.212:7080

  • rsa_pubkey.plain
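The C2 list is the part of this report an analyst turns into detections. The Python below is an added example, not code from the sandbox or from the report: it parses the extracted ip:port entries, checks connection records against them, distinguishing exact ip+port hits from IP-only hits (worth reviewing separately, because Emotet commonly reuses a C2 host on several ports), and emits one Suricata rule per endpoint. The connection records are constructed for the example, not captured traffic, and the sid range is a placeholder you must replace with one you own.

```python
"""Operationalise the Emotet Epoch1 C2 list from the report (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Set

# C2 endpoints copied verbatim from the report's extracted config (ip:port).
EMOTET_EPOCH1_C2 = """
84.232.229.24:80
51.255.203.164:8080
217.160.169.110:8080
185.183.16.47:80
190.45.24.210:80
187.162.248.237:80
93.146.143.191:80
185.94.252.27:443
143.0.85.206:7080
80.15.100.37:80
85.105.239.184:443
94.176.234.118:443
62.84.75.50:80
137.74.106.111:7080
172.104.169.32:8080
46.105.114.137:8080
94.126.8.1:80
78.206.229.130:80
93.149.120.214:80
192.175.111.212:7080
"""

# Constructed connection records in a simple "timestamp src dst dport" layout;
# not real traffic. 203.0.113.10 is an RFC 5737 documentation address (benign).
SAMPLE_CONNECTIONS = [
    "2024-07-03T10:00:01 10.0.0.15 84.232.229.24 80",
    "2024-07-03T10:00:02 10.0.0.15 203.0.113.10 443",
    "2024-07-03T10:00:03 10.0.0.22 185.94.252.27 8080",
    "2024-07-03T10:00:04 10.0.0.22 143.0.85.206 7080",
    "malformed record",
]


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


@dataclass(frozen=True)
class Hit:
    src: str
    dst: str
    port: int
    level: str  # "exact" = ip and port matched; "ip-only" = ip matched, port differs


def parse_c2_list(text: str) -> Set[Endpoint]:
    """Parse 'ip:port' lines, rejecting entries that are not a valid IPv4 address and port."""
    endpoints = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"C2 entry without port: {line!r}")
        ip = ipaddress.IPv4Address(host)  # raises ValueError on garbage
        port_num = int(port)
        if not 1 <= port_num <= 65535:
            raise ValueError(f"port out of range in C2 entry: {line!r}")
        endpoints.add(Endpoint(str(ip), port_num))
    return endpoints


def match_connections(records: Iterable[str], c2: Set[Endpoint]) -> List[Hit]:
    """Flag records whose destination is a known C2; malformed records are skipped."""
    c2_ips = {e.ip for e in c2}
    hits = []
    for rec in records:
        parts = rec.split()
        if len(parts) < 4:
            continue
        _, src, dst, port = parts[:4]
        try:
            dst_ip = str(ipaddress.IPv4Address(dst))
            dport = int(port)
        except ValueError:
            continue
        if Endpoint(dst_ip, dport) in c2:
            hits.append(Hit(src, dst_ip, dport, "exact"))
        elif dst_ip in c2_ips:
            hits.append(Hit(src, dst_ip, dport, "ip-only"))
    return hits


def suricata_rules(c2: Set[Endpoint], sid_base: int = 9000000) -> List[str]:
    """One alert rule per C2 endpoint. sid_base is a placeholder: use a sid range you own."""
    ordered = sorted(c2, key=lambda e: (ipaddress.IPv4Address(e.ip), e.port))
    return [
        f'alert tcp $HOME_NET any -> {e.ip} {e.port} '
        f'(msg:"Emotet Epoch1 C2 {e.ip}:{e.port}"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, e in enumerate(ordered)
    ]


if __name__ == "__main__":
    c2 = parse_c2_list(EMOTET_EPOCH1_C2)
    for hit in match_connections(SAMPLE_CONNECTIONS, c2):
        print(f"{hit.level:8} {hit.src} -> {hit.dst}:{hit.port}")
    print("\n".join(suricata_rules(c2)))
```

The IP-only tier is deliberate: blocking on exact ip:port alone would miss the third constructed record (a known Epoch1 host contacted on a port the report did not list), while treating every IP hit as a confirmed infection would over-alert on shared hosting. Review IP-only hits manually before escalating.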

Targets

    • Target

      21f6a3c70a5bca881d9668c14235f9f1_JaffaCakes118

    • Emotet

      Emotet is a modular trojan and malware loader, primarily spread through spam emails carrying malicious attachments or links; once installed it fetches further payloads and modules from its C2 servers.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks