General

  • Target: fd13092ca2f1aacda7d6b52f63549db3_JaffaCakes118
  • Size: 217KB
  • Sample: 240928-y4s69axfke
  • MD5: fd13092ca2f1aacda7d6b52f63549db3
  • SHA1: a5c1a11c0de39955284a4e80ad65cb1a343afbf2
  • SHA256: ae8116d3612f4643556d0645bfb47284909ba625ad5b4e3e4d43816fbaeba6bb
  • SHA512: 590d25aa88bdcdc9840c69b31c2a881df5114ab880cb909184a014b782727a446ef47ba978d165be09bc22e066ca836871ff7197ea806849854e7fcccd0fd9c7
  • SSDEEP: 3072:ghwzKIBjNtuBNjTFgEnf2qcmWsnvspn8XldWpz60icVgN8JSJ68UPslH:qFIpNtuBRj2qMW0olYpz6zugNS8Es

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

rsa_pubkey.plain

Targets

    • Target: fd13092ca2f1aacda7d6b52f63549db3_JaffaCakes118

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks