General

  • Target

    cd54aa98e6f3139f9c5376f742f37fef_JaffaCakes118

  • Size

    540KB

  • Sample

    240831-wsj34axgrn

  • MD5

    cd54aa98e6f3139f9c5376f742f37fef

  • SHA1

    b09aa21300c5acd40da77c31d3f12d2df3be9e89

  • SHA256

    4856187a419ceae07f2a0d86e56af300b2181a550b5b909c609be4977232bd72

  • SHA512

    88f47a3e9589df1a8dd5a26a233a04f2356839597a9ba7e3e9b8f7ca321b64fd6bd53edc255e95221404a57174ab75d2881b72c8022fe4715abb4b3f08396672

  • SSDEEP

    12288:DELhSmfX6cwV2vM5iKKQEeeMwE6BpIYreO:DEBXzwV95AQ4IY1

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2

    66.229.161.86:443
    190.47.236.83:80
    217.12.70.226:80
    164.68.115.146:8080
    5.189.148.98:8080
    46.105.128.215:8080
    69.30.205.162:7080
    95.216.207.86:7080
    128.92.54.20:80
    185.192.75.240:443
    41.77.74.214:443
    190.38.252.45:443
    124.150.175.129:8080
    191.100.24.201:50000
    178.134.1.238:80
    72.51.153.27:80
    210.224.65.117:80
    83.156.88.159:80
    190.171.135.235:80
    100.38.11.243:80

  • rsa_pubkey.plain
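The extracted config above is most useful as a block of indicators. The Python below is an added example (not part of the sandbox report or of any Emotet tooling): it parses the ip:port C2 list as printed in the report, summarises the port spread, emits one Suricata rule per endpoint, and sweeps a few constructed Zeek conn.log-style lines for exact ip:port matches. The SID range 9000001+ and the sample log lines are assumptions made for the example.

```python
"""Turn the Emotet Epoch3 C2 list from the report into indicators and a log sweep."""
import ipaddress
import re
from collections import Counter

# C2 endpoints copied verbatim from the extracted config above (ip:port per line).
EMOTET_EPOCH3_C2 = """
66.229.161.86:443
190.47.236.83:80
217.12.70.226:80
164.68.115.146:8080
5.189.148.98:8080
46.105.128.215:8080
69.30.205.162:7080
95.216.207.86:7080
128.92.54.20:80
185.192.75.240:443
41.77.74.214:443
190.38.252.45:443
124.150.175.129:8080
191.100.24.201:50000
178.134.1.238:80
72.51.153.27:80
210.224.65.117:80
83.156.88.159:80
190.171.135.235:80
100.38.11.243:80
"""


def parse_c2_list(text):
    """Parse 'ip:port' lines into a list of (ip, port) tuples.

    Anything that is not a valid IPv4 address plus a 1-65535 port is skipped,
    so a stray label such as 'rsa_pubkey.plain' pasted with the config is ignored.
    """
    endpoints = []
    for line in text.splitlines():
        m = re.fullmatch(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})", line.strip())
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        try:
            ipaddress.IPv4Address(ip)  # rejects octets > 255
        except ValueError:
            continue
        if 1 <= port <= 65535:
            endpoints.append((ip, port))
    return endpoints


def port_histogram(endpoints):
    """Count how many C2 endpoints listen on each port."""
    return dict(Counter(port for _, port in endpoints))


def suricata_rules(endpoints, base_sid=9000001):
    """One outbound alert per C2 endpoint. Assumption: SIDs from base_sid are unused locally."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"Emotet Epoch3 C2 connection to {ip}:{port}"; flow:to_server; '
        f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        for i, (ip, port) in enumerate(endpoints)
    ]


# Constructed conn.log-style rows: ts, uid, orig_h, orig_p, resp_h, resp_p, proto.
# Row CAbc4 reuses a C2 IP on a port that is NOT in the config, to show exact matching.
SAMPLE_CONN_LOG = "\n".join("\t".join(r) for r in [
    ("1725100000.1", "CAbc1", "10.0.0.5", "51234", "66.229.161.86", "443", "tcp"),
    ("1725100001.0", "CAbc2", "10.0.0.5", "51235", "142.250.74.46", "443", "tcp"),
    ("1725100002.0", "CAbc3", "10.0.0.7", "51236", "191.100.24.201", "50000", "tcp"),
    ("1725100003.0", "CAbc4", "10.0.0.7", "51237", "190.47.236.83", "443", "tcp"),
    ("1725100004.0", "CAbc5", "10.0.0.9", "51238", "5.189.148.98", "8080", "tcp"),
])


def sweep_conn_log(log_text, endpoints):
    """Return (uid, orig_h, resp_h, resp_p) for rows whose destination is an exact C2 ip:port."""
    wanted = set(endpoints)
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7 or not fields[5].isdigit():
            continue
        key = (fields[4], int(fields[5]))
        if key in wanted:
            hits.append((fields[1], fields[2], key[0], key[1]))
    return hits


if __name__ == "__main__":
    c2s = parse_c2_list(EMOTET_EPOCH3_C2)
    print(len(c2s), "C2 endpoints; ports:", port_histogram(c2s))
    print("\n".join(suricata_rules(c2s)[:2]))
    for hit in sweep_conn_log(SAMPLE_CONN_LOG, c2s):
        print("HIT", hit)
```

Matching on ip:port rather than IP alone is deliberate: Emotet C2 nodes are frequently compromised or shared hosts, so an IP-only sweep over proxy or firewall logs will pull in unrelated traffic to the same address. Use the IP-only set for a broad hunt, and the exact pairs for alerting.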

Targets

    • Target

      cd54aa98e6f3139f9c5376f742f37fef_JaffaCakes118

    • Size

      540KB

    • MD5

      cd54aa98e6f3139f9c5376f742f37fef

    • SHA1

      b09aa21300c5acd40da77c31d3f12d2df3be9e89

    • SHA256

      4856187a419ceae07f2a0d86e56af300b2181a550b5b909c609be4977232bd72

    • SHA512

      88f47a3e9589df1a8dd5a26a233a04f2356839597a9ba7e3e9b8f7ca321b64fd6bd53edc255e95221404a57174ab75d2881b72c8022fe4715abb4b3f08396672

    • SSDEEP

      12288:DELhSmfX6cwV2vM5iKKQEeeMwE6BpIYreO:DEBXzwV95AQ4IY1

    • Emotet

      Emotet is a modular trojan, originally a banking trojan and later used mainly as a loader for other malware, that is primarily spread through malicious spam email attachments and links.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks