General

  • Target

    ec3f7f5164c70c84d1b1544db11ddc68_JaffaCakes118

  • Size

    427KB

  • Sample

    240919-1lhnxaseqq

  • MD5

    ec3f7f5164c70c84d1b1544db11ddc68

  • SHA1

    ae1dbcf137605891e7ad42644484cffc844f1365

  • SHA256

    ba6e48d34a83eceb4972bc1dc15bb7766529659b4763e7b2c25ec64ffef976ba

  • SHA512

    5ad4266cf3004f93263d9998b765dd618084b4346d9283bf82b8e133c04a42cfd34f13448aaae8c73deaefddb915dfa834de445d960123463eac74daba0ca397

  • SSDEEP

    6144:vXBr9LW/6DUvum8G71YQvq6H/iaRT8oITZO/rVurq:vXdNDDUvum8G5lv7Ha+ThmZo5uG

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

71.72.196.159:80

134.209.36.254:8080

120.138.30.150:8080

94.23.216.33:80

157.245.99.39:8080

137.59.187.107:8080

94.23.237.171:443

61.19.246.238:443

156.155.166.221:80

50.35.17.13:80

153.137.36.142:80

91.211.88.52:7080

209.141.54.221:8080

185.94.252.104:443

174.45.13.118:80

87.106.136.232:8080

62.75.141.82:80

213.196.135.145:80

188.219.31.12:80

82.80.155.43:80

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
-----END PUBLIC KEY-----

Targets

    • Target

      ec3f7f5164c70c84d1b1544db11ddc68_JaffaCakes118

    • Size

      427KB

    • MD5

      ec3f7f5164c70c84d1b1544db11ddc68

    • SHA1

      ae1dbcf137605891e7ad42644484cffc844f1365

    • SHA256

      ba6e48d34a83eceb4972bc1dc15bb7766529659b4763e7b2c25ec64ffef976ba

    • SHA512

      5ad4266cf3004f93263d9998b765dd618084b4346d9283bf82b8e133c04a42cfd34f13448aaae8c73deaefddb915dfa834de445d960123463eac74daba0ca397

    • SSDEEP

      6144:vXBr9LW/6DUvum8G71YQvq6H/iaRT8oITZO/rVurq:vXdNDDUvum8G5lv7Ha+ThmZo5uG

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Enterprise v15

Tasks
