Overview

overview

10

Static

static

3

b0cdec47e6...18.exe

windows7-x64

10

b0cdec47e6...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0cdec47e68ed0ed86889da8292ee1e7_JaffaCakes118

  • Size

    376KB

  • Sample

    240616-ab54ca1ajc

  • MD5

    b0cdec47e68ed0ed86889da8292ee1e7

  • SHA1

    9f8f7380070af99b7a5d6633cea86e151c4758ed

  • SHA256

    854e7da2ffe2c9aa706bf7fba31b42138544b2335e76c0c205b57ce95bae80e2

  • SHA512

    0ebbad6ffaec2dc63c3a5f499c5c32a2599790f12a15ace782f144418e7294a4a4032c81166dd6852b1fd5041a0c13421cf917765620ae91217432d242513508

  • SSDEEP

    6144:zWKg4vCS9iocEDzogURsxLPH1wvR19SrIya/35VdRjjhowIIyK:ooc0zogUiZw518rgbvawl

Score
10/10
emotetepoch2bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

173.247.19.238:80

174.81.132.128:80

211.44.35.111:80

165.227.156.155:443

167.99.105.223:7080

67.225.179.64:8080

176.31.200.130:8080

104.131.11.150:8080

68.118.26.116:80

190.226.44.20:21

120.150.246.241:80

92.222.216.44:8080

73.214.99.25:80

110.142.38.16:80

24.93.212.32:80

190.53.135.159:21

66.209.97.122:8080

173.91.11.142:80

100.14.117.137:80

2.237.76.249:80
rsa_pubkey.plain

Targets

    • Target

      b0cdec47e68ed0ed86889da8292ee1e7_JaffaCakes118

    • Size

      376KB

    • MD5

      b0cdec47e68ed0ed86889da8292ee1e7

    • SHA1

      9f8f7380070af99b7a5d6633cea86e151c4758ed

    • SHA256

      854e7da2ffe2c9aa706bf7fba31b42138544b2335e76c0c205b57ce95bae80e2

    • SHA512

      0ebbad6ffaec2dc63c3a5f499c5c32a2599790f12a15ace782f144418e7294a4a4032c81166dd6852b1fd5041a0c13421cf917765620ae91217432d242513508

    • SSDEEP

      6144:zWKg4vCS9iocEDzogURsxLPH1wvR19SrIya/35VdRjjhowIIyK:ooc0zogUiZw518rgbvawl

    Score
    10/10
    emotetepoch2bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Tasks