General

  • Target

    021952cc1eba31e5b8e222ffe08e1aaf_JaffaCakes118

  • Size

    346KB

  • Sample

    240622-pjyrkasakl

  • MD5

    021952cc1eba31e5b8e222ffe08e1aaf

  • SHA1

    7f6416110d3df8f58dbec9d917ecbdca2d92f24c

  • SHA256

    d8a31bc6d0dc7479c61ea5ee7f636591e71b5c790a7f068db917394ee8bdbde9

  • SHA512

    fd711646ed0870f0d07c427acbfbf8db9fe83b69c07a591e5ab708bdd9e326e612aecf6d1ec159f9af83e088f5f07d559342f945447d43c0f06852768462ed55

  • SSDEEP

    3072:Y82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:r2L7HN7Kl/jLA90QECrYRpj

Malware Config

Extracted

  • Family

    emotet

  • Botnet

    Epoch1

  • C2


rsa_pubkey.plain

Targets

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Blocklisted process makes network request
