Overview

overview

10

Static

static

1

12313f7317...18.dll

windows7-x64

10

12313f7317...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12313f7317e826a11512f6afc5a4bb31_JaffaCakes118

  • Size

    346KB

  • Sample

    240626-q324rsxcqb

  • MD5

    12313f7317e826a11512f6afc5a4bb31

  • SHA1

    47d319a054cef6fd07179e94b6374a65ac39a6be

  • SHA256

    13763bd6a61ef7479cebff9c275620c1cf362d2bbabe4d7d75295533bd5227de

  • SHA512

    6c7ce1f81377299f62df135059b3f62d4377bb7df92284cf102999c0e6d98b39db00dd4246d5048c60c43091c36bf20281abd2c4a1182f497c52675c38ef93c9

  • SSDEEP

    3072:w82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:D2L7HN7Kl/jLA90QECrYRpj

Score
10/10
emotetepoch1bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

84.232.229.24:80

51.255.203.164:8080

217.160.169.110:8080

51.15.7.145:80

177.85.167.10:80

186.177.174.163:80

190.114.254.163:8080

185.183.16.47:80

149.202.72.142:7080

181.30.61.163:443

31.27.59.105:80

50.28.51.143:8080

68.183.190.199:8080

85.214.26.7:8080

137.74.106.111:7080

200.75.39.254:80

85.105.239.184:443

190.45.24.210:80

170.81.48.2:80

109.101.137.162:8080
rsa_pubkey.plain

Targets

    • Target

      12313f7317e826a11512f6afc5a4bb31_JaffaCakes118

    • Size

      346KB

    • MD5

      12313f7317e826a11512f6afc5a4bb31

    • SHA1

      47d319a054cef6fd07179e94b6374a65ac39a6be

    • SHA256

      13763bd6a61ef7479cebff9c275620c1cf362d2bbabe4d7d75295533bd5227de

    • SHA512

      6c7ce1f81377299f62df135059b3f62d4377bb7df92284cf102999c0e6d98b39db00dd4246d5048c60c43091c36bf20281abd2c4a1182f497c52675c38ef93c9

    • SSDEEP

      3072:w82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:D2L7HN7Kl/jLA90QECrYRpj

    Score
    10/10
    emotetepoch1bankertrojan

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

      trojanbankeremotet

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks