General
-
Target
d7b102b2eb4580fdc23b900d5a621012_JaffaCakes118
-
Size
224KB
-
Sample
240910-gwmwts1ejb
-
MD5
d7b102b2eb4580fdc23b900d5a621012
-
SHA1
1f613b6628c842b9699977d8da5a5698b2f3baec
-
SHA256
b0e0860c554581b68f3e2857f5dd61ca5a416bbddbb1383e5e03d1c9f7689c60
-
SHA512
9c3b13fb47355d94d9c62544c8d3b4ad8a6d1b2f5e029f95d04627617f9e250413e47b3db6450835b83d06bc12ddc8df407d87c14276b8f906964d99e91eec17
-
SSDEEP
3072:Ofl9ZDkp/eLwpK6aibhsTbnx+KJU9FKOi4CK57HlsxNdytGAIrc/DU/RUtf/s:OBDkOwA6adxHqiFK5Lls75dY/D0R2f0
Malware Config
Extracted
emotet
Epoch3
190.192.39.136:80
5.189.168.53:8080
162.241.41.111:7080
190.85.46.52:7080
190.190.15.20:80
181.95.133.104:80
41.212.89.128:80
115.176.16.221:80
143.95.101.72:8080
75.127.14.170:8080
116.202.10.123:8080
74.208.173.91:8080
103.93.220.182:80
50.116.78.109:8080
67.121.104.51:20
180.26.62.115:443
139.59.12.63:8080
76.18.16.210:80
113.161.148.81:80
5.79.70.250:8080
Targets
-
-
Target
d7b102b2eb4580fdc23b900d5a621012_JaffaCakes118
-
Size
224KB
-
MD5
d7b102b2eb4580fdc23b900d5a621012
-
SHA1
1f613b6628c842b9699977d8da5a5698b2f3baec
-
SHA256
b0e0860c554581b68f3e2857f5dd61ca5a416bbddbb1383e5e03d1c9f7689c60
-
SHA512
9c3b13fb47355d94d9c62544c8d3b4ad8a6d1b2f5e029f95d04627617f9e250413e47b3db6450835b83d06bc12ddc8df407d87c14276b8f906964d99e91eec17
-
SSDEEP
3072:Ofl9ZDkp/eLwpK6aibhsTbnx+KJU9FKOi4CK57HlsxNdytGAIrc/DU/RUtf/s:OBDkOwA6adxHqiFK5Lls75dY/D0R2f0
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Emotet payload
Detects Emotet payload in memory.
-
Executes dropped EXE
-
Drops file in System32 directory
-