General

  • Target

    d785621a4102a0e16544134bf315d640_JaffaCakes118

  • Size

    447KB

  • Sample

    240910-d1gntsvclq

  • MD5

    d785621a4102a0e16544134bf315d640

  • SHA1

    c45083cec6294cb8199538eb8eb285b93139525c

  • SHA256

    5cc5927efdbedd5ccb7a3026f5366772e09a178bb61b69500e12c0f57825f1ef

  • SHA512

    908e6fa12995cb5b1e696ba0c1c2cde9351474824403e6ce89475456aab7cae5f28edcb7522050d36a1c98c4c276ebe382c61687dc12116e74cd20ec055dffc8

  • SSDEEP

    6144:MwekW4xuXsI2rJfnXQvq6H/icfMv/CZZEwqYA61YbC:MwvuXf2rJfgv7Hacq/CZ3qYA61

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

190.192.39.136:80

5.189.168.53:8080

162.241.41.111:7080

190.85.46.52:7080

190.190.15.20:80

181.95.133.104:80

41.212.89.128:80

115.176.16.221:80

143.95.101.72:8080

75.127.14.170:8080

116.202.10.123:8080

74.208.173.91:8080

103.93.220.182:80

50.116.78.109:8080

67.121.104.51:20

180.26.62.115:443

139.59.12.63:8080

76.18.16.210:80

113.161.148.81:80

5.79.70.250:8080

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
-----END PUBLIC KEY-----

Targets

    • Target

      d785621a4102a0e16544134bf315d640_JaffaCakes118

    • Size

      447KB

    • MD5

      d785621a4102a0e16544134bf315d640

    • SHA1

      c45083cec6294cb8199538eb8eb285b93139525c

    • SHA256

      5cc5927efdbedd5ccb7a3026f5366772e09a178bb61b69500e12c0f57825f1ef

    • SHA512

      908e6fa12995cb5b1e696ba0c1c2cde9351474824403e6ce89475456aab7cae5f28edcb7522050d36a1c98c4c276ebe382c61687dc12116e74cd20ec055dffc8

    • SSDEEP

      6144:MwekW4xuXsI2rJfnXQvq6H/icfMv/CZZEwqYA61YbC:MwvuXf2rJfgv7Hacq/CZ3qYA61

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Enterprise v15
