General

  • Target

    eeb67d65034173ae7defdde92b4514e0_JaffaCakes118

  • Size

    617KB

  • Sample

    240921-aj2qwswcje

  • MD5

    eeb67d65034173ae7defdde92b4514e0

  • SHA1

    3c40e7978b4ee5f8a61f9ca826b47da1b4ec75ba

  • SHA256

    a08e1a43e3810eeda496e55add74562b7d812bb29e76ee1dd0fabedac3ccc415

  • SHA512

    6f2320b47e39ad82d7545a17423fbbe746213b07989d2947c87dfdc4569dc9b5e8b88f91d6cdb98fcbb909cc554cbb2d04c45c4c1f524f9a9b8bd7d0c9df1a04

  • SSDEEP

    12288:OYzchQVZnkmt/70MWugxPJZFpf0c1pHDbdJ8CA88fzsBsI3+Dc:B4KV5Hpt8bZHLt+CSfasO+

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks