General

  • Target

    d79a6bfbbf75e2cb8374fd11c317a3c5_JaffaCakes118

  • Size

    896KB

  • Sample

    240910-fd3znayfpg

  • MD5

    d79a6bfbbf75e2cb8374fd11c317a3c5

  • SHA1

    fe09029ab3eb7e6b3942339ddc685530960c5eba

  • SHA256

    5731e4238ebe462847eba8ed0f3f58b249d02c9ca34c0e19eeb1d9b166bda0bd

  • SHA512

    50928c2a8a8be2bedae33e79aafdd01705480cb2a24bbc424d5a0b4fcaf54f890a8224487fc10be7f9ff205cedf688266f34bc70f9d60cb42c8647d572007251

  • SSDEEP

    12288:cZlyqwEmkmauSVd2R3R0EcX0euXBFs7sU3z44nbGc:Cm6whk90B3yZn

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
-----END PUBLIC KEY-----

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks