emotet

General

Target

Docs_c3d6e9cced9f71d25309a2240eb8b182.47
Size

190KB
Sample

191207-qkzv4jpd66
MD5

c3d6e9cced9f71d25309a2240eb8b182
SHA1

b13414f3430f8e606afe178bf1a65319741b95d9
SHA256

819273b637aa3d7db7f8e436d37513443d2eb96b7d449bf11cdd3f1fc221d2b6
SHA512

2a451f0e2116b63c52337bda0f11fd7c467aaae57c1524ac7c29ec9506e22ea257bd8d3fcf7cc341cf818080dfef57b788611a5a03ba02b3ea44dca864b714f4

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://newtrendmall.store/01-install/bFNiWnVVI/

exe.dropper

http://scammerreviews.com/wp-admin/DSscXHm/

exe.dropper

http://namisaffron.com/v59rni/ZTuaJanco/

exe.dropper

https://www.oodda.com/wp-admin/de4p2ec3-wj4mghjou-15889/

exe.dropper

https://maxbill.devpace.net/Blog/vl01s-3buqcj-0980773041/

Extracted

Family

emotet

Botnet

Epoch3

C2

172.90.70.168:443

72.69.99.47:80

24.28.178.71:80

172.105.213.30:80

69.30.205.162:7080

50.63.13.135:8080

192.161.190.171:8080

119.159.150.176:443

98.15.140.226:80

190.189.79.73:80

181.44.166.242:80

198.57.217.170:8080

210.224.65.117:80

82.79.244.92:80

72.27.212.209:8080

212.129.14.27:8080

181.47.235.26:993

182.176.116.139:995

142.93.87.198:8080

190.101.87.170:80

rsa_pubkey.plain

Targets

- Target
  
  Docs_c3d6e9cced9f71d25309a2240eb8b182.47
- Size
  
  190KB
- MD5
  
  c3d6e9cced9f71d25309a2240eb8b182
- SHA1
  
  b13414f3430f8e606afe178bf1a65319741b95d9
- SHA256
  
  819273b637aa3d7db7f8e436d37513443d2eb96b7d449bf11cdd3f1fc221d2b6
- SHA512
  
  2a451f0e2116b63c52337bda0f11fd7c467aaae57c1524ac7c29ec9506e22ea257bd8d3fcf7cc341cf818080dfef57b788611a5a03ba02b3ea44dca864b714f4
Score

10^/10

trojan banker emotet evasion
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
task1 task2