emotet

General

Target

6b4755766b6f0a943acc79bdcc1f348ba24796d6d502491d417a3e119b0d4c24
Size

176KB
Sample

191209-m7qsvr4zee
MD5

30f903ac3402fe2696a0426257445fc3
SHA1

85c7e28a6e7c1c46c38b541b799d919dacc6e3f4
SHA256

6b4755766b6f0a943acc79bdcc1f348ba24796d6d502491d417a3e119b0d4c24
SHA512

f7b140c0669d6d89992d4b94dd0fbb23951ce2cbeb6f8fec30d2239f75c1ba4637232fd33979b1067b0a5ed7e7c2eb03c430160dc95cf65a7ac9e0699d1d6184

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://www.yadegarebastan.com/wp-content/9mg/

exe.dropper

http://vikstory.ca/h/k/

exe.dropper

https://brelaxmassage.com/wp-includes/BRU8KftsJ/

exe.dropper

https://obgyn.toughjobs.org/wp-admin/h6NG/

exe.dropper

https://uaeessay.com/wp-admin/mKUMNk/

Extracted

Family

emotet

Botnet

Epoch2

C2

12.176.19.218:80

66.76.63.99:80

100.14.117.137:80

37.59.24.177:8080

66.34.201.20:7080

108.179.206.219:8080

45.56.88.91:443

176.106.183.253:8080

31.172.240.91:8080

139.130.241.252:443

188.152.7.140:80

110.142.38.16:80

200.71.148.138:8080

87.106.139.101:8080

91.187.80.246:80

195.244.215.206:80

93.147.141.5:80

104.131.11.150:8080

104.236.246.93:8080

181.57.193.14:80

rsa_pubkey.plain

Targets

- Target
  
  6b4755766b6f0a943acc79bdcc1f348ba24796d6d502491d417a3e119b0d4c24
- Size
  
  176KB
- MD5
  
  30f903ac3402fe2696a0426257445fc3
- SHA1
  
  85c7e28a6e7c1c46c38b541b799d919dacc6e3f4
- SHA256
  
  6b4755766b6f0a943acc79bdcc1f348ba24796d6d502491d417a3e119b0d4c24
- SHA512
  
  f7b140c0669d6d89992d4b94dd0fbb23951ce2cbeb6f8fec30d2239f75c1ba4637232fd33979b1067b0a5ed7e7c2eb03c430160dc95cf65a7ac9e0699d1d6184
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
task1