General

  • Target

    d7431600b3b70b8b51c4a0670448ce7b_JaffaCakes118

  • Size

    532KB

  • Sample

    240909-3dznkaxejh

  • MD5

    d7431600b3b70b8b51c4a0670448ce7b

  • SHA1

    d3a07238c4daec16e52c707b7804dbaccdf2858a

  • SHA256

    a1ffd02ede1c591c65933781496c686552ec258be67bfb23a7919444bb3aa836

  • SHA512

    a3995af7599b54993520d15004ae81ecaeafe8d64ce4f353c7526d14a83d89015eb12b56166a926381f0533e6aaef595211f76faf0e8487c12ea91dcf7f640a5

  • SSDEEP

    12288:1CjOlW+UrRlqXepCaR4enqISyDsUZetuit:IUZNepCe4thU4tui

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2


rsa_pubkey.plain

Targets

    • Target

      d7431600b3b70b8b51c4a0670448ce7b_JaffaCakes118

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks
