General

  • Target

    f7cd1d173556384757a84e9e263a5943_JaffaCakes118

  • Size

    172KB

  • Sample

    240926-hk9f5awdkb

  • MD5

    f7cd1d173556384757a84e9e263a5943

  • SHA1

    50c131f14d7862c172c3679e30f4936819c1ff37

  • SHA256

    90be8bccb337e1d9e9dd3d019656fb6454e57a85060ef929ba9d6820f3394b51

  • SHA512

    ae71b87e9bb8b90238b22b43aa891411f589fd9e8cc8705a15539c4c42bcc884b1cbaf4815f7270391f8ba16b6257866da89d6865305a913ae3e88b074b749cc

  • SSDEEP

    3072:drrB9IL9C/sjzVO0K2iPnjvOkF/QTf5k4VDvOQn:drrfIL8/IPFiPn7RmTRkw

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2


rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
-----END PUBLIC KEY-----

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Emotet payload

      Detects Emotet payload in memory.

MITRE ATT&CK Enterprise v15

Tasks
