General

  • Target

    d7ea9e319dd08dd8bf750cfded3e7311_JaffaCakes118

  • Size

    113KB

  • Sample

    240910-kqawvswhmh

  • MD5

    d7ea9e319dd08dd8bf750cfded3e7311

  • SHA1

    4c76937c6da5878fdd37dfc670b5831426ec0c95

  • SHA256

    963161a044fe6dd74d4001d8672ebfc9921d8097b1df2b4b932e9b46a4e0e518

  • SHA512

    1b7d9e7109b4479b2d5c3c91c3e5d44b34256a5ff79497c7a0a3f08916edb0c7c072c36a9d429e70d3da22c8a3083fd23baa4b9befa8f36f6b0caa48f5ed92ce

  • SSDEEP

    1536:l0VtgaUqUtF41fuNP1z50U369n6tUT0oHyIfE9pqexkWsWq5cEdISNY:l0Y7sSdz5Rospq5ZdIS6

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch3

  • C2


  • rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
