General

  • Target

    d89d0162eca15947a0e2c2f673492af1_JaffaCakes118

  • Size

    145KB

  • Sample

    240910-t7wpbstdjp

  • MD5

    d89d0162eca15947a0e2c2f673492af1

  • SHA1

    f99b9c1b5c564f0e4b0d1c70705f111b079f679a

  • SHA256

    9d44c987e9dfda3ed8b07c48b51ee8d0e4be056767c60f36e5954459666d8242

  • SHA512

    ce2c8b9e2ca54c5f1c7970dd5f62c7e057e6bdfe37352962f1b606abb1415f72bc27e52d5bf5405c147e58f2420537091197bf19b9a0a65e6c615016694da214

  • SSDEEP

    3072:d4wOi31tMsKSvJwjTPsjuHwLjhFycOhV5iRvgYfWXGyNkPfr/N2:4UYsKSvGHsJFNOh/ippw7kPD/

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2


rsa_pubkey.plain

Targets

    • Target

      d89d0162eca15947a0e2c2f673492af1_JaffaCakes118

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Enterprise v15

Tasks
