General

  • Target

    c49e9153f76ae22f071ec7c1d761f7f2_JaffaCakes118

  • Size

    464KB

  • Sample

    240827-j2f2kssflj

  • MD5

    c49e9153f76ae22f071ec7c1d761f7f2

  • SHA1

    2f7d8d685df241cbaf175930e0be0f8b08b5f1ad

  • SHA256

    03237623f4ef8bb50df8d36b19dab44fb7554df43b87ed48a420b37f06767abf

  • SHA512

    a8884e02e852d947708b0e04da308e723f620e9764e98f8e46b9f862dec920b6a7b1842f09d10a7fc5d322acb49fd453620e3fad001eadabcb3aadd58b313b32

  • SSDEEP

    12288:qzCpoHIO3xELgG1wkQXv/xqWjJRT6119:qzBoO3xELga1c/QWjri

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

174.106.122.139:80

159.203.116.47:8080

173.249.6.108:443

104.236.246.93:8080

174.45.13.118:80

137.59.187.107:8080

94.200.114.161:80

37.187.72.193:8080

67.10.155.92:80

121.124.124.40:7080

24.43.99.75:80

75.139.38.211:80

109.74.5.95:8080

137.119.36.33:80

74.134.41.124:80

66.65.136.14:80

94.1.108.190:443

181.169.235.7:80

79.137.83.50:443

104.131.44.150:8080

rsa_pubkey.plain
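The extracted config above is only useful once it is turned into something a detection pipeline can consume. The script below is an added example, not part of the tria.ge report or of any Emotet tooling: it parses the Epoch2 C2 list exactly as printed above into a lookup table, scans a few constructed log lines (the key=value `dst=ip:port` format is an assumption, not a real product's format) and emits one Suricata rule per endpoint (the `sid` range is a placeholder). Because many of these endpoints are residential addresses on port 80 or 443 that churn quickly, a match on ip+port is reported as high confidence and a match on the IP alone only as medium.

```python
"""Turn a sandbox-extracted Emotet C2 list into IOC matching and Suricata rules.
Added example; the log format, sample lines and sid range are assumptions."""
import ipaddress
import re

# C2 endpoints copied verbatim from the extracted config (ip:port, one per line).
C2_RAW = """\
174.106.122.139:80
159.203.116.47:8080
173.249.6.108:443
104.236.246.93:8080
174.45.13.118:80
137.59.187.107:8080
94.200.114.161:80
37.187.72.193:8080
67.10.155.92:80
121.124.124.40:7080
24.43.99.75:80
75.139.38.211:80
109.74.5.95:8080
137.119.36.33:80
74.134.41.124:80
66.65.136.14:80
94.1.108.190:443
181.169.235.7:80
79.137.83.50:443
104.131.44.150:8080
"""


def parse_c2_list(text):
    """Parse 'ip:port' lines into {ip: set(ports)}; malformed entries are skipped."""
    c2 = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            continue
        try:
            ip = str(ipaddress.IPv4Address(host))  # rejects junk like 300.1.1.1
            port = int(port)
        except ValueError:
            continue
        if not 1 <= port <= 65535:
            continue
        c2.setdefault(ip, set()).add(port)
    return c2


# Constructed log format (assumption): "... dst=<ip>:<port> ..."
LOG_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\b")


def classify_line(line, c2):
    """Return ('high'|'medium', ip, port) for a C2 match, else None.
    high = ip and port both match the config; medium = ip only (port may rotate)."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ip, port = m.group("ip"), int(m.group("port"))
    ports = c2.get(ip)
    if ports is None:
        return None
    return ("high" if port in ports else "medium", ip, port)


def scan(lines, c2):
    """Run classify_line over an iterable of log lines and collect the hits."""
    hits = []
    for line in lines:
        r = classify_line(line, c2)
        if r is not None:
            hits.append((r[0], r[1], r[2], line))
    return hits


def suricata_rules(c2, family="Emotet", botnet="Epoch2", base_sid=9000000):
    """One Suricata rule per endpoint; base_sid is a placeholder for your local range."""
    rules, sid = [], base_sid
    for ip in sorted(c2, key=ipaddress.IPv4Address):
        for port in sorted(c2[ip]):
            rules.append(
                f'alert tcp $HOME_NET any -> {ip} {port} '
                f'(msg:"{family} {botnet} C2 {ip}:{port}"; flow:to_server; '
                f'classtype:trojan-activity; sid:{sid}; rev:1;)'
            )
            sid += 1
    return rules


# Constructed sample log lines (203.0.113.5 is documentation space, i.e. benign here).
SAMPLE_LOG = [
    "2024-08-27T09:31:02Z src=10.0.0.23:50112 dst=159.203.116.47:8080 proto=tcp bytes=1432",
    "2024-08-27T09:31:05Z src=10.0.0.23:50113 dst=203.0.113.5:443 proto=tcp bytes=980",
    "2024-08-27T09:31:09Z src=10.0.0.23:50114 dst=121.124.124.40:7080 proto=tcp bytes=611",
    "2024-08-27T09:31:12Z src=10.0.0.23:50115 dst=173.249.6.108:80 proto=tcp bytes=0",
]

if __name__ == "__main__":
    table = parse_c2_list(C2_RAW)
    for conf, ip, port, line in scan(SAMPLE_LOG, table):
        print(f"[{conf}] {ip}:{port}  <-  {line}")
    print("\n".join(suricata_rules(table)))
```

The "medium" tier exists because sandbox-extracted Emotet configs age quickly: the listed hosts are largely compromised residential or VPS machines, and a later sample of the same epoch may reuse an IP on a different port. Treat an ip+port hit as a high-confidence indicator and an ip-only hit as something to pivot on, not to block outright.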

Targets

    • Target

      c49e9153f76ae22f071ec7c1d761f7f2_JaffaCakes118

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Enterprise v15

Tasks