General

  • Target

    610d7bb9f9725d5b736843123d27f1bc_JaffaCakes118

  • Size

    167KB

  • Sample

    240721-xy61gsshkk

  • MD5

    610d7bb9f9725d5b736843123d27f1bc

  • SHA1

    3706cb0a13c1e4ebe1ebc05aee0a1d23049abcca

  • SHA256

    1d79c23865675ea988e8da616d87729fc029e3da8655a452ec8603c2645ed29c

  • SHA512

    a4c5e017007f2a3bb905ac9aad6e87e54ae8582e3b1e8f2fa7ebc121faece5f13385b655b0acb545bb002855d5f65a0864b30154fa3a1381fe5eaf324d65ea20

  • SSDEEP

    3072:2dEnuxOmCghim2GDJwNAz0zKju491jZqMNJs:2dDfh80JYAhvJ

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

80.11.163.139:443

85.54.169.141:8080

185.14.187.201:8080

45.79.188.67:8080

63.142.253.122:8080

24.51.106.145:21

91.205.215.66:8080

222.214.218.192:8080

80.11.163.139:21

190.108.228.48:990

88.247.163.44:80

88.156.97.210:80

95.128.43.213:8080

211.63.71.72:8080

182.176.132.213:8090

182.176.106.43:995

186.4.172.5:8080

178.79.161.166:443

101.187.237.217:20

136.243.177.26:8080

rsa_pubkey.plain
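The extracted configuration above is only useful once it is turned into something a defender can check against. The following Python script is an added example, not part of the sandbox report, that does that for this Epoch2 config: it parses the ip:port lines, drops anything that is not a valid public endpoint, summarises the ports in use (the FTP-looking 20/21/990/995 entries are just alternate ports for Emotet's HTTP traffic), emits one Suricata rule per endpoint, and verifies a local copy of the sample against the report's MD5/SHA1/SHA256. The C2 list and hashes embedded in it are copied from the report text so it runs offline; the `sid` range and the hypothetical bad lines used for validation are assumptions.

```python
import hashlib
import ipaddress
import re
from collections import Counter

# Inline copy of the C2 list from the report above (constructed so the example
# runs offline; no network access is needed).
REPORT_C2 = """
80.11.163.139:443
85.54.169.141:8080
185.14.187.201:8080
45.79.188.67:8080
63.142.253.122:8080
24.51.106.145:21
91.205.215.66:8080
222.214.218.192:8080
80.11.163.139:21
190.108.228.48:990
88.247.163.44:80
88.156.97.210:80
95.128.43.213:8080
211.63.71.72:8080
182.176.132.213:8090
182.176.106.43:995
186.4.172.5:8080
178.79.161.166:443
101.187.237.217:20
136.243.177.26:8080
"""

# Hashes from the report's General section.
REPORT_HASHES = {
    "md5": "610d7bb9f9725d5b736843123d27f1bc",
    "sha1": "3706cb0a13c1e4ebe1ebc05aee0a1d23049abcca",
    "sha256": "1d79c23865675ea988e8da616d87729fc029e3da8655a452ec8603c2645ed29c",
}

C2_LINE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$")


def parse_c2(text):
    """Parse 'ip:port' lines into a de-duplicated list of (ip, port).

    Malformed lines, ports outside 1-65535 and non-global addresses
    (private, loopback, link-local, ...) are dropped, so a mangled or
    poisoned config line cannot become a bad block rule.
    """
    entries = []
    for line in text.splitlines():
        m = C2_LINE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:          # e.g. an octet above 255
            continue
        port = int(m.group(2))
        if not ip.is_global or not 1 <= port <= 65535:
            continue
        entry = (str(ip), port)
        if entry not in entries:    # same host on two ports stays as two entries
            entries.append(entry)
    return entries


def port_summary(entries):
    """Endpoints per port; makes the non-standard port numbers stand out."""
    return Counter(port for _, port in entries)


def unique_ips(entries):
    """Distinct hosts, sorted numerically rather than lexically."""
    return sorted({ip for ip, _ in entries}, key=ipaddress.ip_address)


def suricata_rules(entries, sid_base=9000000):
    """One IDS rule per endpoint. sid_base is an arbitrary local range (assumption)."""
    rules = []
    for i, (ip, port) in enumerate(entries):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch2 C2 {ip}:{port}"; flow:established,to_server; '
            f'reference:md5,{REPORT_HASHES["md5"]}; classtype:trojan-activity; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


def compute_hashes(data):
    """MD5/SHA1/SHA256 of the given bytes, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every hash listed in the report matches the supplied bytes."""
    actual = compute_hashes(data)
    return all(actual[name] == value for name, value in REPORT_HASHES.items())


if __name__ == "__main__":
    c2 = parse_c2(REPORT_C2)
    print(f"{len(c2)} endpoints on {len(unique_ips(c2))} hosts; "
          f"ports: {dict(port_summary(c2))}")
    print("\n".join(suricata_rules(c2)[:3]))
```

Emotet's Epoch1/2/3 infrastructure was dismantled in the January 2021 takedown, so the addresses in this config are historical and may now belong to unrelated owners; they are suited to retrospective hunting in proxy and NetFlow data rather than to live blocking, whereas the file hashes stay valid for matching this exact sample.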

Targets

    • Target

      610d7bb9f9725d5b736843123d27f1bc_JaffaCakes118

    • Emotet

      Emotet is a modular trojan, originally built for banking fraud and later used mainly as a loader for other malware, that is primarily spread through malicious spam emails carrying macro-enabled Office documents or links to them. The configuration extracted from this sample carries the Epoch2 botnet tag, so its C2 list belongs to that sub-botnet.

    • Drops file in System32 directory

      A user-launched executable writing a new file under the System32 directory is a strong host indicator on its own; for Emotet it corresponds to the installation step, where the loader places a renamed copy of itself under a system directory when it has the privileges to do so. Follow up on what was written and on any service or Run key registered alongside it.

MITRE ATT&CK Enterprise v15

Tasks