General

  • Target

    e90e72169858e9ef7fba00013999f868_JaffaCakes118

  • Size

    340KB

  • Sample

    240918-n1wsvszfnq

  • MD5

    e90e72169858e9ef7fba00013999f868

  • SHA1

    b8b828b93371621f38ff4f681cfdfefd97750da9

  • SHA256

    35fef1e550dfff04e612b990273063a5dd56542f8ee841f9e77b083a17669bbb

  • SHA512

    52d2da9d06fadba119b5acba714f20da4d2a103af8aa5443e60d21afff1244b5efc5f78d1084ac66568039890d6292a588936e92494ae5254d666ed6189f0ca1

  • SSDEEP

    3072:ZvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:Z206xWgGxLxWN40PDKR/JnX2P

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks
