Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    da2617b92898bad53a65c4426097ad41_JaffaCakes118

  • Size

    628KB

  • Sample

    240911-mjeycavfjk

  • MD5

    da2617b92898bad53a65c4426097ad41

  • SHA1

    c96dad16a22291b5823b2b7d18dc9cc9245bf2df

  • SHA256

    2e7b0c20a67a0a13b279780a65cc73a830627962ab6aed5e303bdccabbb8e418

  • SHA512

    a910990086309249c41091aefab5b39c7033d6e5304c339060f6320c75ec207bd10519cd0fe0633bc2dd5460e18c615790227d9d5bb40ca6a64a9ecd4176e749

  • SSDEEP

    6144:pY2xoyldr35tkAR+n1bCwxgwaDXxz3j6R+uSHQ95dIDrTsOfg1oCXXm5iRDamAR4:pY2Oyldh+nBCDDXDC5y31QoiKiRG9W

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

96.227.52.8:443

51.38.124.206:80

82.196.15.205:8080

38.88.126.202:8080

190.2.31.172:80

110.142.219.51:80

72.167.223.217:8080

138.97.60.141:7080

50.28.51.143:8080

5.189.178.202:8080

192.241.146.84:8080

190.195.129.227:8090

190.24.243.186:80

220.109.145.69:80

77.90.136.129:8080

185.178.10.77:80

94.176.234.118:443

178.250.54.208:8080

74.58.215.226:80

186.103.141.250:443

rsa_pubkey.plain

Targets

    • Target

      da2617b92898bad53a65c4426097ad41_JaffaCakes118

    • Size

      628KB

    • MD5

      da2617b92898bad53a65c4426097ad41

    • SHA1

      c96dad16a22291b5823b2b7d18dc9cc9245bf2df

    • SHA256

      2e7b0c20a67a0a13b279780a65cc73a830627962ab6aed5e303bdccabbb8e418

    • SHA512

      a910990086309249c41091aefab5b39c7033d6e5304c339060f6320c75ec207bd10519cd0fe0633bc2dd5460e18c615790227d9d5bb40ca6a64a9ecd4176e749

    • SSDEEP

      6144:pY2xoyldr35tkAR+n1bCwxgwaDXxz3j6R+uSHQ95dIDrTsOfg1oCXXm5iRDamAR4:pY2Oyldh+nBCDDXDC5y31QoiKiRG9W

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Enterprise v15

Tasks