General

  • Target

    6e55a11488724361acdfb031078abf74_JaffaCakes118

  • Size

    108KB

  • Sample

    240730-cdx7mascjj

  • MD5

    6e55a11488724361acdfb031078abf74

  • SHA1

    6f6a61baceb7a5682bcb7e38e2d72de59b6668a5

  • SHA256

    94648b6a2ebf662193dbcc8225b1bd9d2675a987ae6ccd98a3315b22a26b2634

  • SHA512

    2661d72af7df1b2b8888d26d0506f77f114addc8befd91e8f11a98a682d65863758a864e0fe11b6e35d3b09109ca27321e9cc66cb66919373fb83b5f42a0d236

  • SSDEEP

    3072:0QgwdnBMxwenUlkdNM/9XEkWDpaSfXk0pnD9KJ+/:jdcF5d6/96pxf9m4

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch2

  • C2

    67.10.155.92:80
    38.111.46.46:8080
    134.209.36.254:8080
    162.241.242.173:8080
    2.84.135.163:80
    94.1.108.190:443
    140.186.212.146:80
    95.179.229.244:8080
    200.114.213.233:8080
    113.61.66.94:80
    190.240.194.77:443
    61.19.246.238:443
    110.5.16.198:80
    83.169.36.251:8080
    37.187.72.193:8080
    176.111.60.55:8080
    85.105.205.77:8080
    168.235.67.138:7080
    200.123.150.89:443
    87.106.139.101:8080

  • rsa_pubkey.plain

Targets

    • Target

      6e55a11488724361acdfb031078abf74_JaffaCakes118

    • Size

      108KB

    • MD5

      6e55a11488724361acdfb031078abf74

    • SHA1

      6f6a61baceb7a5682bcb7e38e2d72de59b6668a5

    • SHA256

      94648b6a2ebf662193dbcc8225b1bd9d2675a987ae6ccd98a3315b22a26b2634

    • SHA512

      2661d72af7df1b2b8888d26d0506f77f114addc8befd91e8f11a98a682d65863758a864e0fe11b6e35d3b09109ca27321e9cc66cb66919373fb83b5f42a0d236

    • SSDEEP

      3072:0QgwdnBMxwenUlkdNM/9XEkWDpaSfXk0pnD9KJ+/:jdcF5d6/96pxf9m4

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Enterprise v15

Tasks