General

  • Target

    db4b3f08c12af6179822dfbfa8dce597_JaffaCakes118

  • Size

    95KB

  • Sample

    240911-1wx7cawanf

  • MD5

    db4b3f08c12af6179822dfbfa8dce597

  • SHA1

    7de60eed83c8c3b15ede369f7a7cf220dc08a822

  • SHA256

    fb6063b5cfdac275c6c16cb59972b5f7b6e2b9bb2f1b1734638f451b70a4974e

  • SHA512

    5f0d163c16bef81b77a19b9a54bfc0c62130a80dc344aa752d1bfe70aff3bd78e9e5549c66f64b69f0a5e9e335f25198669da71a78db853ca5d7f39c19ed96c7

  • SSDEEP

    1536:LGSy5eVumHHtuCHZVmOAIb1eW99N+1PM90bpxO7IHyf3+/UARtdfhEPPYaLrn2Vu:CS+KTnYCHZAOAV0+167wMOtdWXYauVu

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

128.92.203.42:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

190.188.245.242:80

12.163.208.58:80

213.197.182.158:8080

201.213.177.139:80

62.84.75.50:80

45.33.77.42:8080

185.183.16.47:80

78.249.119.122:80

177.129.17.170:443

51.15.7.189:80

152.169.22.67:80

119.106.216.84:80

109.169.12.78:80

51.15.7.145:80

219.92.13.25:80

190.117.79.209:80

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
-----END PUBLIC KEY-----
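A worked example, added here and not part of the Triage report or its extractor, that turns the extracted config above into checkable facts. It base64-decodes the PEM key and walks the DER SubjectPublicKeyInfo with a minimal reader (no third-party library) to recover the modulus size and public exponent, hashes the SPKI so the key can be used as a pivot across samples of the same botnet epoch, and validates the C2 list before it is turned into a blocklist. The PEM key and the twenty C2 entries are copied from the report; the function names and the ip:port validation rule are mine.

```python
import base64
import hashlib
import re
from collections import Counter

# Values copied from the Emotet config extracted in the report above.
RSA_PUBKEY_PEM = """-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
-----END PUBLIC KEY-----"""

C2_LINES = """128.92.203.42:80
37.187.161.206:8080
202.29.239.162:443
80.87.201.221:7080
190.188.245.242:80
12.163.208.58:80
213.197.182.158:8080
201.213.177.139:80
62.84.75.50:80
45.33.77.42:8080
185.183.16.47:80
78.249.119.122:80
177.129.17.170:443
51.15.7.189:80
152.169.22.67:80
119.106.216.84:80
109.169.12.78:80
51.15.7.145:80
219.92.13.25:80
190.117.79.209:80""".splitlines()

# OID 1.2.840.113549.1.1.1 (rsaEncryption) as it appears inside AlgorithmIdentifier.
_RSA_OID = b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the SubjectPublicKeyInfo."""
    body = "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body, validate=True)


def read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value starting at pos; returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the length-byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_spki(der: bytes):
    """Return (modulus, exponent) from an RSA SubjectPublicKeyInfo (RFC 5280 + PKCS#1)."""
    tag, spki, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SPKI must be a SEQUENCE")
    tag, algid, pos = read_tlv(spki, 0)            # AlgorithmIdentifier
    if tag != 0x30 or not algid.startswith(_RSA_OID):
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = read_tlv(spki, pos)           # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bitstr[0] != 0:              # first byte = number of unused bits
        raise ValueError("unexpected BIT STRING framing")
    tag, rsakey, _ = read_tlv(bitstr[1:], 0)       # RSAPublicKey ::= SEQUENCE { n, e }
    if tag != 0x30:
        raise ValueError("RSAPublicKey must be a SEQUENCE")
    tag_n, n_bytes, pos = read_tlv(rsakey, 0)
    tag_e, e_bytes, _ = read_tlv(rsakey, pos)
    if tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("modulus and exponent must be INTEGERs")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def key_summary(pem: str) -> dict:
    """Modulus size, exponent and a SHA-256 of the DER SPKI usable as a clustering pivot."""
    der = pem_to_der(pem)
    n, e = parse_rsa_spki(der)
    return {"bits": n.bit_length(), "exponent": e,
            "spki_sha256": hashlib.sha256(der).hexdigest()}


_C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_c2(lines) -> list:
    """Validate ip:port entries and return (ip, port) tuples; a malformed line raises."""
    out = []
    for line in lines:
        m = _C2_RE.match(line.strip())
        if not m:
            raise ValueError(f"bad C2 entry: {line!r}")
        ip, port = m.group(1), int(m.group(2))
        if any(int(o) > 255 for o in ip.split(".")) or not 0 < port < 65536:
            raise ValueError(f"bad C2 entry: {line!r}")
        out.append((ip, port))
    return out


def port_histogram(c2) -> Counter:
    return Counter(port for _, port in c2)


def unique_ips(c2) -> list:
    """Sorted, de-duplicated IP list, the form a blocklist or DNS RPZ feed wants."""
    return sorted({ip for ip, _ in c2})


if __name__ == "__main__":
    print(key_summary(RSA_PUBKEY_PEM))
    c2 = parse_c2(C2_LINES)
    print(len(c2), "C2 entries by port:", dict(port_histogram(c2)))
```

Run as written, the key above parses as a 768-bit modulus with exponent 65537, and the C2 list yields 20 unique hosts, 14 of them on port 80. The SPKI hash is the useful pivot: Emotet rotates C2 hosts far more often than it rotates the per-epoch RSA key, so two samples sharing this hash belong to the same botnet even when their C2 lists barely overlap.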

Targets

    • Target

      db4b3f08c12af6179822dfbfa8dce597_JaffaCakes118

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Enterprise v15

Tasks
