emotet

General

Target

fc1e45aede20cbf39bb2d752810ea5fb6acb2afe292bdaaa21b94c0b324539a1
Size

71KB
Sample

191210-26rq53dhhj
MD5

30f1f4cdeda3f526ea8599afb7d3ea41
SHA1

ca060d8206edc1ac6bae2d47589ea85faa37c30d
SHA256

fc1e45aede20cbf39bb2d752810ea5fb6acb2afe292bdaaa21b94c0b324539a1
SHA512

24a2dbc5f053197177731368f0f0331eb767d38319944b540a6333dc967b35b444ad6322c64146f2cc8df8ff36b1222a63b06e9cd4f53d679db3a6223c341013

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://masseyatnandina.com/wp-content/ys44/

exe.dropper

http://pickpointgarage.com/protected-array/zb1k8/

exe.dropper

http://evolvedself.com/dir/523arw979/

exe.dropper

http://www.eruquantum.com/scripts/t647/

exe.dropper

http://stlaurentpro.com/25bd/a49/

Extracted

Family

emotet

Botnet

Epoch1

C2

76.221.133.146:80

104.33.129.244:80

172.90.70.168:8080

96.126.121.64:443

104.236.137.72:8080

172.104.233.225:8080

85.234.143.94:8080

50.28.51.143:8080

190.186.164.23:80

47.146.42.234:80

63.246.252.234:80

80.29.54.20:80

68.183.190.199:8080

46.28.111.142:7080

183.82.97.25:80

87.106.46.107:8080

188.216.24.204:80

186.68.48.204:443

181.198.203.45:443

88.250.223.190:8080

rsa_pubkey.plain

Targets

- Target
  
  fc1e45aede20cbf39bb2d752810ea5fb6acb2afe292bdaaa21b94c0b324539a1
- Size
  
  71KB
- MD5
  
  30f1f4cdeda3f526ea8599afb7d3ea41
- SHA1
  
  ca060d8206edc1ac6bae2d47589ea85faa37c30d
- SHA256
  
  fc1e45aede20cbf39bb2d752810ea5fb6acb2afe292bdaaa21b94c0b324539a1
- SHA512
  
  24a2dbc5f053197177731368f0f0331eb767d38319944b540a6333dc967b35b444ad6322c64146f2cc8df8ff36b1222a63b06e9cd4f53d679db3a6223c341013
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
task1