Overview

overview

10

Static

static

3

f4a0a266fd...18.exe

windows7-x64

10

f4a0a266fd...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4a0a266fdb49495592a06cefdcb05be_JaffaCakes118

  • Size

    360KB

  • Sample

    240924-2faa1ssdka

  • MD5

    f4a0a266fdb49495592a06cefdcb05be

  • SHA1

    725a3355264bd85fa27cd31d1c57baf4ab92df53

  • SHA256

    159faa642359ac875aba0fcc6abe5917d4559e8bbfe981aed4af83412fafe1dc

  • SHA512

    60b3c5802a33f4f6299cb764e03af5467dd74c7c328493c1acf4830188564bbadd67bf3fa8137bdb18e29ff0643ed6f73758dacd0fd1745389189b5e1c3b788c

  • SSDEEP

    6144:ykps/EJxl4tfji9K/9AFnXQkT2r+t0ooMSAFjNr4DyVebdMH:ykpsClQLMK/qXQkT2r+tFVSAYDyVOdMH

Score
10/10
emotetepoch2bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

137.119.36.33:80

116.202.234.183:8080

69.30.203.214:8080

2.58.16.85:7080

24.179.13.119:80

24.233.112.152:80

173.62.217.22:443

139.130.242.43:80

199.101.86.142:8080

103.86.49.11:8080

74.208.45.104:8080

190.160.53.126:80

67.205.85.243:8080

87.106.139.101:8080

5.196.74.210:8080

85.105.205.77:8080

95.179.229.244:8080

204.197.146.48:80

46.105.131.79:8080

68.44.137.144:443
rsa_pubkey.plain

Targets

    • Target

      f4a0a266fdb49495592a06cefdcb05be_JaffaCakes118

    • Size

      360KB

    • MD5

      f4a0a266fdb49495592a06cefdcb05be

    • SHA1

      725a3355264bd85fa27cd31d1c57baf4ab92df53

    • SHA256

      159faa642359ac875aba0fcc6abe5917d4559e8bbfe981aed4af83412fafe1dc

    • SHA512

      60b3c5802a33f4f6299cb764e03af5467dd74c7c328493c1acf4830188564bbadd67bf3fa8137bdb18e29ff0643ed6f73758dacd0fd1745389189b5e1c3b788c

    • SSDEEP

      6144:ykps/EJxl4tfji9K/9AFnXQkT2r+t0ooMSAFjNr4DyVebdMH:ykpsClQLMK/qXQkT2r+tFVSAYDyVOdMH

    Score
    10/10
    emotetepoch2bankerdiscoverytrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks