General

  • Target

    d9aea1808b962883245ea6581deb0c5c_JaffaCakes118

  • Size

    668KB

  • Sample

    240911-fyd62avfmb

  • MD5

    d9aea1808b962883245ea6581deb0c5c

  • SHA1

    ea3af98ae0e0e2acf8612b822750efdaa2776edf

  • SHA256

    925d78b62e70df4dbdf0f1eb8657bd04c9bda7e6564b768cfb37fd3f03c43b76

  • SHA512

    1836efb6adcbab8f621894fc977e8181415b872bc12d780a50f50e65b7f7566066394937191b1cc5b10ec4a30346e681a6d8eb1345e7bf867eca213e9c482e26

  • SSDEEP

    6144:gdiE4zqXVY7PfBHnzA0F3JhJx4eS5nNMTy5fkLaMiLgLWL7SqaaYo5wzPLNQOIeG:gdw7hHnzAe3oe6nZ6zEPaexL62

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

202.22.141.45:80

37.187.161.206:8080

202.29.239.162:443

80.87.201.221:7080

82.76.111.249:443

216.47.196.104:80

192.241.143.52:8080

192.81.38.31:80

87.106.253.248:8080

64.201.88.132:80

192.241.146.84:8080

12.162.84.2:8080

1.226.84.243:8080

177.129.17.170:443

202.134.4.210:7080

70.169.17.134:80

152.169.22.67:80

5.196.35.138:7080

138.97.60.141:7080

203.205.28.68:80
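The C2 list above is the actionable part of this config. As an added example (not part of the report and not tria.ge's own tooling), the Python below takes the list verbatim, validates each entry, shows the port spread, emits one Suricata rule per endpoint, and runs the list over a few constructed connection records. The log format, the `10.0.0.x` sources, and the `sid` range are all assumptions made up for the example.

```python
import ipaddress
import re
from collections import Counter

# C2 endpoints copied verbatim from the report's extracted Emotet / Epoch1 config.
C2_RAW = """
202.22.141.45:80
37.187.161.206:8080
202.29.239.162:443
80.87.201.221:7080
82.76.111.249:443
216.47.196.104:80
192.241.143.52:8080
192.81.38.31:80
87.106.253.248:8080
64.201.88.132:80
192.241.146.84:8080
12.162.84.2:8080
1.226.84.243:8080
177.129.17.170:443
202.134.4.210:7080
70.169.17.134:80
152.169.22.67:80
5.196.35.138:7080
138.97.60.141:7080
203.205.28.68:80
"""


def parse_c2(raw):
    """Turn 'ip:port' lines into validated (ip, port) tuples."""
    endpoints = []
    for token in raw.split():
        host, port = token.rsplit(":", 1)
        ipaddress.ip_address(host)  # raises ValueError on a malformed entry
        endpoints.append((host, int(port)))
    return endpoints


def port_histogram(endpoints):
    """Count C2 entries per port; the non-standard 7080/8080 listeners stand out."""
    return Counter(port for _, port in endpoints)


def to_suricata(endpoints, sid_base=9000000):
    """One Suricata rule per C2. The sid range is an assumption; pick your own."""
    return [
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"Emotet Epoch1 C2 {host}:{port}"; sid:{sid_base + i}; rev:1;)'
        for i, (host, port) in enumerate(endpoints)
    ]


# Constructed (hypothetical) firewall/proxy connection records, not real traffic.
LOG_LINES = [
    "2024-09-11T06:01:13Z conn 10.0.0.5:49812 -> 202.22.141.45:80 proto=tcp",
    "2024-09-11T06:01:20Z conn 10.0.0.5:49813 -> 93.184.216.34:443 proto=tcp",
    "2024-09-11T06:02:02Z conn 10.0.0.7:51002 -> 80.87.201.221:7080 proto=tcp",
    "2024-09-11T06:02:40Z conn 10.0.0.7:51003 -> 192.241.143.52:443 proto=tcp",
]

CONN_RE = re.compile(
    r"(?P<ts>\S+) conn (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def match_logs(lines, endpoints):
    """Flag connections to listed C2s. An exact ip:port match is high confidence.
    An IP-only match (same host, other port) is lower confidence: Emotet C2s are
    frequently compromised hosts that also serve legitimate traffic."""
    exact = set(endpoints)
    hosts = {host for host, _ in endpoints}
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in exact:
            hits.append((m["ts"], m["src"], dst, dport, "exact"))
        elif dst in hosts:
            hits.append((m["ts"], m["src"], dst, dport, "ip-only"))
    return hits


if __name__ == "__main__":
    c2 = parse_c2(C2_RAW)
    print(port_histogram(c2))
    for hit in match_logs(LOG_LINES, c2):
        print(hit)
```

Against the constructed records this yields two exact hits and one IP-only hit on `192.241.143.52`, which should be triaged separately rather than blocked outright. Treat the list as a point-in-time snapshot: Emotet rotated C2s frequently, so re-extract from newer samples before relying on it.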

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
-----END PUBLIC KEY-----
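The extracted key is a PEM SubjectPublicKeyInfo. As an added example (not part of the report), the Python below decodes it with the standard library only, so it runs without the `cryptography` package: it checks the algorithm OID is rsaEncryption, walks the DER to the RSAPublicKey, and reports modulus size, exponent and a SHA-256 fingerprint of the DER. The minimal TLV reader is written for this example and handles only what an SPKI needs.

```python
import base64
import hashlib

# Emotet Epoch1 RSA public key exactly as extracted in the report.
PEM = """-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
-----END PUBLIC KEY-----"""

# DER encoding of OID 1.2.840.113549.1.1.1 (rsaEncryption).
RSA_OID = bytes.fromhex("2a864886f70d010101")


def pem_to_der(pem):
    """Strip the armour lines and base64-decode the body."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


def read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value, next_pos).
    Handles short-form and long-form lengths, which is all an SPKI uses."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_spki(der):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }"""
    tag, spki, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SPKI must be a SEQUENCE")
    tag, algid, pos = read_tlv(spki, 0)
    oid_tag, oid, _ = read_tlv(algid, 0)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = read_tlv(spki, pos)
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("unexpected BIT STRING")
    # RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    _, rsakey, _ = read_tlv(bitstr, 1)  # skip the unused-bits octet
    tag_n, n_bytes, pos = read_tlv(rsakey, 0)
    tag_e, e_bytes, _ = read_tlv(rsakey, pos)
    if tag_n != 0x02 or tag_e != 0x02:
        raise ValueError("RSAPublicKey fields must be INTEGERs")
    n = int.from_bytes(n_bytes, "big")
    e = int.from_bytes(e_bytes, "big")
    return {
        "bits": n.bit_length(),
        "e": e,
        "n": n,
        "sha256": hashlib.sha256(der).hexdigest(),  # stable key ID for pivoting
    }


if __name__ == "__main__":
    info = parse_spki(pem_to_der(PEM))
    print(f"RSA-{info['bits']} e={info['e']} sha256={info['sha256']}")
```

For this sample the modulus is 768 bits with e = 65537. The key size and the DER fingerprint are a stable pivot: samples that share this key belong to the same Emotet epoch, even when their C2 lists have rotated.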

Targets

    • Emotet

      Emotet is a modular trojan and malware loader, primarily spread through spam emails carrying malicious attachments or links.

    • Emotet payload

      Detects Emotet payload in memory.

    • Executes dropped EXE

    • Drops file in System32 directory
