General

  • Target

    d8aeaa39cf5be922f29fb59807816133_JaffaCakes118

  • Size

    168KB

  • Sample

    240910-vv9absvflk

  • MD5

    d8aeaa39cf5be922f29fb59807816133

  • SHA1

    e1e71f067aa0a1d3ed51b946a0072ea49b18221f

  • SHA256

    7e4d2d98b43ceb6224f10a978116d737c6d4be762962986c7ac72ce7ecee433b

  • SHA512

    b10a0c166a003ac026c08d4da92aeda944d1a14241d105a7f10bea311a642e379256097ec530b9ed21f9bb9c40ec9891a4860b3950da13f430fa9a7fdaa2328e

  • SSDEEP

    3072:Q6QL5LhXNlLVG4EGZE3kgxAm/oE7CJ/ogu1pMQWqNgL4xuEQsxq:iLVkZ3kgCkkowQWqi6LQ

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

183.77.227.38:80

45.177.120.36:80

162.241.41.111:7080

190.85.46.52:7080

54.38.143.245:8080

139.59.61.215:443

202.166.170.43:80

37.46.129.215:8080

120.51.34.254:80

113.160.248.110:80

27.73.70.219:8080

46.105.131.68:8080

88.247.58.26:80

46.32.229.152:8080

195.201.56.70:8080

93.20.157.143:80

103.48.68.173:80

167.71.227.113:8080

8.4.9.137:8080

172.96.190.154:8080

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
-----END PUBLIC KEY-----
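The extracted config above is the actionable part of this report: the C2 list is the indicator set, and the RSA public key is what the bot uses to wrap its session key when it talks to those hosts. The following is an added example (not part of the sandbox report and not Emotet's own code) that turns the config into something a responder can use: it parses the C2 list into validated (ip, port) pairs, walks the PEM's SubjectPublicKeyInfo DER by hand to recover the modulus size and exponent without any third-party library, and matches constructed sample connection-log lines (the log format and the log entries are made up for the example; the C2 values and key are copied from the report) against the C2 set.

```python
import base64
import ipaddress
import re

# Emotet Epoch3 C2 list and RSA public key, copied from the report's "Malware Config" section.
EMOTET_C2 = """
183.77.227.38:80 45.177.120.36:80 162.241.41.111:7080 190.85.46.52:7080
54.38.143.245:8080 139.59.61.215:443 202.166.170.43:80 37.46.129.215:8080
120.51.34.254:80 113.160.248.110:80 27.73.70.219:8080 46.105.131.68:8080
88.247.58.26:80 46.32.229.152:8080 195.201.56.70:8080 93.20.157.143:80
103.48.68.173:80 167.71.227.113:8080 8.4.9.137:8080 172.96.190.154:8080
"""

RSA_PUBKEY_PEM = """-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
-----END PUBLIC KEY-----"""

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption


def parse_c2(text):
    """Parse whitespace-separated 'ip:port' entries into a set of (ip, port); rejects malformed ones."""
    c2 = set()
    for entry in text.split():
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry: {entry!r}")
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in C2 entry: {entry!r}")
        c2.add((str(ipaddress.ip_address(host)), port))  # ip_address() validates syntax
    return c2


def _der_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def rsa_key_params(pem):
    """Walk a PEM SubjectPublicKeyInfo by hand and return (modulus_bits, public_exponent)."""
    body = "".join(ln for ln in pem.splitlines() if not ln.startswith("-----"))
    der = base64.b64decode(body)
    tag, spki, _ = _der_tlv(der, 0)                 # SubjectPublicKeyInfo SEQUENCE
    assert tag == 0x30
    tag, alg, alg_end = _der_tlv(der, spki)         # AlgorithmIdentifier SEQUENCE
    assert tag == 0x30
    tag, oid, oid_end = _der_tlv(der, alg)          # algorithm OID must be rsaEncryption
    assert tag == 0x06 and der[oid:oid_end] == RSA_ENCRYPTION_OID
    tag, bits, _ = _der_tlv(der, alg_end)           # subjectPublicKey BIT STRING
    assert tag == 0x03 and der[bits] == 0           # first byte = number of unused bits (0)
    tag, key, _ = _der_tlv(der, bits + 1)           # RSAPublicKey SEQUENCE
    assert tag == 0x30
    tag, n0, n1 = _der_tlv(der, key)                # modulus INTEGER (leading 0x00 pad allowed)
    assert tag == 0x02
    tag, e0, e1 = _der_tlv(der, n1)                 # publicExponent INTEGER
    assert tag == 0x02
    modulus = int.from_bytes(der[n0:n1], "big")
    exponent = int.from_bytes(der[e0:e1], "big")
    return modulus.bit_length(), exponent


# Constructed sample connection log (not from the report): "timestamp src -> dst:port".
SAMPLE_CONNLOG = """
2024-09-10T12:00:01Z 10.0.0.5 -> 142.250.72.14:443
2024-09-10T12:00:03Z 10.0.0.5 -> 162.241.41.111:7080
2024-09-10T12:00:04Z 10.0.0.5 -> 46.105.131.68:8080
2024-09-10T12:00:09Z 10.0.0.7 -> 8.4.9.137:443
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+->\s+(\S+):(\d+)$")


def find_c2_hits(log_text, c2, ip_only=False):
    """Return (ts, src, dst, port) for every connection to a configured C2.

    ip_only=True also flags a C2 IP contacted on a different port: wider net,
    but more false positives where the C2 sits on shared hosting."""
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port = m.groups()
        port = int(port)
        if (dst, port) in c2 or (ip_only and dst in c2_ips):
            hits.append((ts, src, dst, port))
    return hits
```

Running `rsa_key_params(RSA_PUBKEY_PEM)` on the key above returns a 768-bit modulus with exponent 65537, which is what you should expect to see for an Emotet epoch key; if a sample's key has a different size or OID, treat the config extraction as suspect. With the constructed log, exact (ip, port) matching flags the two connections to 162.241.41.111:7080 and 46.105.131.68:8080; `ip_only=True` additionally flags 8.4.9.137 on port 443. Extracted Emotet C2 lists mix attacker-controlled and compromised hosts and go stale quickly, so check first-seen dates before turning them into long-lived block rules.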

Targets

    • Target

      d8aeaa39cf5be922f29fb59807816133_JaffaCakes118

    • Size

      168KB

    • MD5

      d8aeaa39cf5be922f29fb59807816133

    • SHA1

      e1e71f067aa0a1d3ed51b946a0072ea49b18221f

    • SHA256

      7e4d2d98b43ceb6224f10a978116d737c6d4be762962986c7ac72ce7ecee433b

    • SHA512

      b10a0c166a003ac026c08d4da92aeda944d1a14241d105a7f10bea311a642e379256097ec530b9ed21f9bb9c40ec9891a4860b3950da13f430fa9a7fdaa2328e

    • SSDEEP

      3072:Q6QL5LhXNlLVG4EGZE3kgxAm/oE7CJ/ogu1pMQWqNgL4xuEQsxq:iLVkZ3kgCkkowQWqi6LQ

    • Emotet

      Emotet is a modular trojan and malware loader, primarily spread through malicious spam (malspam) email attachments and links.

    • Emotet payload

      Detects Emotet payload in memory.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks
