General

  • Target

    e65d59b595b77531b558362632bd8d86_JaffaCakes118

  • Size

    330KB

  • Sample

    240917-jqflnsscql

  • MD5

    e65d59b595b77531b558362632bd8d86

  • SHA1

    c0aa14c3d6e154d0a7fabceb11a8d3e2dcabfa86

  • SHA256

    035463078ab1524899f0a6fe48d5674598c9b0a4f6eaf4a723238ceaab4d8df1

  • SHA512

    c5600fdd6fb9a0f4e2c3fa2c7fa5959ef3b72c36e06c21b9dcb162a8b50b6a710b8619cf7e1d09a1309dffeb8ec5fb4a218620ceb8773860c09185b4cd51d325

  • SSDEEP

    3072:XRq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j8eFu:Bq1sFAwgwmBv3wnIgG4oAYxvU54eu

Malware Config

Extracted

Family

emotet

Botnet

Epoch3

C2

rsa_pubkey.plain
-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
-----END PUBLIC KEY-----

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks
