emotet

General

Target

Docs_b147ef181809997d173ebc4242d4a74d.28
Size

176KB
Sample

191209-634tpcdtna
MD5

b147ef181809997d173ebc4242d4a74d
SHA1

a6a1cc1e66ba3b0fd0658b04271eea49f60548f3
SHA256

23419c0a7cc778b60899d25977c95f7291915539f5f9bb85c5ce3bfe11c77e9b
SHA512

818a9d25728854279e5c51c846828471d480c8361010fbf7441a8390396752e258b827a3057e66874a58eb27ab6432cb475f7b36f9f1c043ff02caf85b5b98d1

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://www.aitb66.com/wp-admin/wdm12182/

exe.dropper

http://zisoft.zinad.net/wp-content/7flgzi080/

exe.dropper

http://ausflugemarrakesh.com/cgi-bin/512/

exe.dropper

http://axis-gps.com/pzdjz/hgpu56/

exe.dropper

https://xploremotions.com/rtrx/c656/

Extracted

Family

emotet

Botnet

Epoch1

C2

76.221.133.146:80

104.33.129.244:80

172.90.70.168:8080

96.126.121.64:443

104.236.137.72:8080

172.104.233.225:8080

85.234.143.94:8080

50.28.51.143:8080

190.186.164.23:80

47.146.42.234:80

63.246.252.234:80

80.29.54.20:80

68.183.190.199:8080

46.28.111.142:7080

183.82.97.25:80

87.106.46.107:8080

188.216.24.204:80

186.68.48.204:443

181.198.203.45:443

88.250.223.190:8080

rsa_pubkey.plain

Targets

- Target
  
  Docs_b147ef181809997d173ebc4242d4a74d.28
- Size
  
  176KB
- MD5
  
  b147ef181809997d173ebc4242d4a74d
- SHA1
  
  a6a1cc1e66ba3b0fd0658b04271eea49f60548f3
- SHA256
  
  23419c0a7cc778b60899d25977c95f7291915539f5f9bb85c5ce3bfe11c77e9b
- SHA512
  
  818a9d25728854279e5c51c846828471d480c8361010fbf7441a8390396752e258b827a3057e66874a58eb27ab6432cb475f7b36f9f1c043ff02caf85b5b98d1
Score

10^/10

trojan banker emotet evasion
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
task1 task2