General

  • Target

    51febb177fe2a797fb7346bba95a9f30_JaffaCakes118

  • Size

    190KB

  • Sample

    240717-jb9wza1bpm

  • MD5

    51febb177fe2a797fb7346bba95a9f30

  • SHA1

    dbdd7f61d13d4fc7351d2031208705f47477d2ae

  • SHA256

    53fdec9a31dfab4fcbf1bca22bab650692cf8a1a79a16b08848679fe00b6b473

  • SHA512

    4c856189a4dedc5408f6461c2b43136697602eed557166272df11a167e33ba5a1856e86cb56c057d99fd824f2fe2dabd3a5dc4a3599024031cf9f6e96475ac6f

  • SSDEEP

    3072:difRZP/MoiW9Ge5eix8l2UmeYIQqpAFsndgdNiEhILSx3r:IfvMoF9EixiYbqpiYgNiEhI2r
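Before acting on a report like this one, confirm that the file you actually hold (from a feed, a quarantine or a mail gateway) is the sample the report describes. The script below is an added example, not part of the report or of any sandbox tooling: it computes the same four digests with Python's standard hashlib, compares them case-insensitively against the values above, and reports exactly which algorithms disagree. SSDEEP is deliberately left out because it is a fuzzy hash compared by similarity score and needs an external package. The command-line path argument is the only input it assumes.

```python
import hashlib
import sys

# Digests copied from the report above. SSDEEP is omitted on purpose: it is a
# fuzzy hash (needs the external ssdeep/ppdeep package) and is compared by a
# similarity score, not by equality.
REPORT_HASHES = {
    "md5": "51febb177fe2a797fb7346bba95a9f30",
    "sha1": "dbdd7f61d13d4fc7351d2031208705f47477d2ae",
    "sha256": "53fdec9a31dfab4fcbf1bca22bab650692cf8a1a79a16b08848679fe00b6b473",
    "sha512": "4c856189a4dedc5408f6461c2b43136697602eed557166272df11a167e33ba5a"
              "1856e86cb56c057d99fd824f2fe2dabd3a5dc4a3599024031cf9f6e96475ac6f",
}


def compute_digests(data: bytes, algorithms=tuple(REPORT_HASHES)) -> dict:
    """Hex digests of an in-memory blob, one per named hashlib algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def digest_file(path: str, algorithms=tuple(REPORT_HASHES), chunk_size: int = 1 << 20) -> dict:
    """Same as compute_digests, but streams the file so large samples are not read into RAM."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(actual: dict, expected: dict = REPORT_HASHES) -> dict:
    """Compare digests case-insensitively.

    Returns {algorithm: (expected, actual)} for every algorithm that does not
    match; an empty dict means the file matches the report on all of them.
    A digest missing from `actual` counts as a mismatch (actual == "").
    """
    return {
        name: (exp.lower(), actual.get(name, "").lower())
        for name, exp in expected.items()
        if actual.get(name, "").lower() != exp.lower()
    }


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>   (path is an assumption)
    sample_path = sys.argv[1]
    mismatches = verify(digest_file(sample_path))
    if mismatches:
        for name, (exp, got) in mismatches.items():
            print(f"{name}: MISMATCH expected {exp} got {got}")
        sys.exit(1)
    print(f"{sample_path}: all {len(REPORT_HASHES)} digests match the report")
```

Checking all four digests rather than just MD5 matters here: MD5 and SHA-1 collisions are practical, so a match on SHA-256 (or SHA-512) is the one that actually establishes identity; the weaker hashes are kept only because other feeds still index by them.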

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

113.161.176.235:80

88.247.30.64:80

89.163.210.141:8080

139.162.10.249:8080

203.157.152.9:7080

109.99.146.210:8080

78.90.78.210:80

172.193.14.201:80

157.7.164.178:8081

189.211.214.19:443

157.245.145.87:443

180.148.4.130:8080

46.32.229.152:8080

24.245.65.66:80

82.78.179.117:443

177.130.51.198:80

121.117.147.153:443

203.160.167.243:80

172.104.46.84:8080

202.29.237.113:8080

rsa_pubkey.plain
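The C2 list is the part of this extract a defender can act on. The script below is an added example and is not from the report or from any sandbox: it parses the ip:port pairs exactly as listed above, validates each address, groups them by port, emits one Suricata-style alert rule per endpoint, and checks a handful of constructed Zeek conn.log-style records against the list. The `sid_base` value and the log rows are assumptions made for the example. One caveat worth stating: Emotet rotated C2 addresses constantly, and the Epoch3 infrastructure this key belongs to was taken down in January 2021, so these addresses are best used for retrospective hunting in old connection logs, not as a live blocklist.

```python
import ipaddress
from collections import defaultdict

# C2 endpoints exactly as extracted in the report above (ip:port, one per line).
C2_RAW = """
113.161.176.235:80
88.247.30.64:80
89.163.210.141:8080
139.162.10.249:8080
203.157.152.9:7080
109.99.146.210:8080
78.90.78.210:80
172.193.14.201:80
157.7.164.178:8081
189.211.214.19:443
157.245.145.87:443
180.148.4.130:8080
46.32.229.152:8080
24.245.65.66:80
82.78.179.117:443
177.130.51.198:80
121.117.147.153:443
203.160.167.243:80
172.104.46.84:8080
202.29.237.113:8080
"""


def parse_c2(raw: str) -> list:
    """Parse 'ip:port' lines into a sorted, de-duplicated list of (ip, port).

    Each address is validated with ipaddress so a corrupted extract cannot be
    turned into a broken rule, and non-global addresses (RFC1918, loopback)
    are rejected because a real C2 list never points there.
    """
    endpoints = set()
    for entry in raw.split():
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry: {entry!r}")
        ip = ipaddress.ip_address(host)
        if not ip.is_global:
            raise ValueError(f"non-global address in C2 entry: {entry!r}")
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"bad port in C2 entry: {entry!r}")
        endpoints.add((str(ip), port_num))
    return sorted(endpoints, key=lambda e: (ipaddress.ip_address(e[0]), e[1]))


def by_port(endpoints) -> dict:
    """Group C2 IPs by destination port (useful for egress-filter review)."""
    groups = defaultdict(list)
    for ip, port in endpoints:
        groups[port].append(ip)
    return dict(groups)


def suricata_rules(endpoints, sid_base: int = 9000000) -> list:
    """One Suricata/Snort-style alert rule per endpoint.

    sid_base is an assumed starting SID in the local range; choose one that
    does not collide with your existing rule set.
    """
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Emotet Epoch3 C2 connection to {ip}:{port}"; '
        f'flow:to_server; classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        for n, (ip, port) in enumerate(endpoints)
    ]


# Constructed Zeek conn.log-style rows (tab separated): ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto. Not real traffic: two rows hit a
# listed ip:port exactly, one shares only the IP with a listed C2.
SAMPLE_CONN_LOG = "\n".join("\t".join(f) for f in [
    ("1721206800.123", "CfA1b2", "10.0.0.23", "49812", "89.163.210.141", "8080", "tcp"),
    ("1721206801.456", "CfA1b3", "10.0.0.23", "49813", "142.250.72.14", "443", "tcp"),
    ("1721206802.789", "CfA1b4", "10.0.0.41", "51020", "203.157.152.9", "7080", "tcp"),
    ("1721206803.001", "CfA1b5", "10.0.0.41", "51021", "113.161.176.235", "443", "tcp"),
])


def find_c2_hits(log_text: str, endpoints, ip_only: bool = False) -> list:
    """Return (uid, src, dst, dport) for every connection to a listed C2.

    Exact ip:port matching is the low-false-positive default. ip_only=True
    also flags a listed IP on any port, which catches infrastructure reuse
    but will fire on shared hosting, so review those hits by hand.
    """
    exact = set(endpoints)
    ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        _ts, uid, src, _sport, dst, dport, _proto = line.split("\t")[:7]
        dport = int(dport)
        if (dst, dport) in exact or (ip_only and dst in ips):
            hits.append((uid, src, dst, dport))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(C2_RAW)
    counts = {port: len(ips) for port, ips in by_port(c2).items()}
    print(f"{len(c2)} C2 endpoints, by port: {counts}")
    for hit in find_c2_hits(SAMPLE_CONN_LOG, c2):
        print("exact hit:", hit)
    for hit in find_c2_hits(SAMPLE_CONN_LOG, c2, ip_only=True):
        print("ip-only hit:", hit)
    print(suricata_rules(c2)[0])
```

The port grouping is worth a look on its own: 80 and 443 blend into normal browsing, but 7080, 8080 and 8081 to arbitrary public addresses are unusual egress for most workstations and are a cheap thing to alert on regardless of the IP list.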

Targets

    • Target

      51febb177fe2a797fb7346bba95a9f30_JaffaCakes118

    • Emotet

      Emotet is a modular trojan and malware loader, originally a banking trojan, that is spread primarily through malicious spam email (macro-laden Office attachments and links). The botnet label Epoch3 above identifies which of Emotet's parallel infrastructure tiers this sample belonged to; each epoch used its own RSA public key and its own C2 set, which is why the key and the address list are reported together.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks