Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d74ee28a91d0e857427837c5bdbae83d_JaffaCakes118

  • Size

    667KB

  • Sample

    240910-abgqrayenh

  • MD5

    d74ee28a91d0e857427837c5bdbae83d

  • SHA1

    e8a485c603a0ef3badbe183e9f7640cd8eaed20f

  • SHA256

    7e49f4889e0d8b5c6c8add44631b7f0f0d820612497e2adec2b9197e985d1cba

  • SHA512

    d488931ed08d7eddff9fb72898b92e9117f60a2ba99a3deefa53d1d28b325c4e6b8b9f41512cc74196083a3df46d9955a4fdca4b26d3b7b74b9ecd8e6d47ccfc

  • SSDEEP

    12288:76JJG//tnC5VCFSoDpaQlHfl6mCiWDaBMNCFbnG:76J6/tniVNoDgQVN6mCip9FbG

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

202.22.141.45:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

82.76.111.249:443

216.47.196.104:80

192.241.143.52:8080

192.81.38.31:80

87.106.253.248:8080

64.201.88.132:80

192.241.146.84:8080

12.162.84.2:8080

1.226.84.243:8080

177.129.17.170:443

202.134.4.210:7080

70.169.17.134:80

152.169.22.67:80

5.196.35.138:7080

138.97.60.141:7080

203.205.28.68:80

rsa_pubkey.plain

Targets

    • Target

      d74ee28a91d0e857427837c5bdbae83d_JaffaCakes118

    • Size

      667KB

    • MD5

      d74ee28a91d0e857427837c5bdbae83d

    • SHA1

      e8a485c603a0ef3badbe183e9f7640cd8eaed20f

    • SHA256

      7e49f4889e0d8b5c6c8add44631b7f0f0d820612497e2adec2b9197e985d1cba

    • SHA512

      d488931ed08d7eddff9fb72898b92e9117f60a2ba99a3deefa53d1d28b325c4e6b8b9f41512cc74196083a3df46d9955a4fdca4b26d3b7b74b9ecd8e6d47ccfc

    • SSDEEP

      12288:76JJG//tnC5VCFSoDpaQlHfl6mCiWDaBMNCFbnG:76J6/tniVNoDgQVN6mCip9FbG

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks