emotet

General

Target

e4ea8d11c4961b44e32cdcb1cda5fa05b33137c1066761bc195194d9133f13a1
Size

176KB
Sample

191210-csaawyhn5x
MD5

2651c8b1ec124ecce7ff93645711f876
SHA1

4014ae90ca1bfe38cfb4b5c9f3d4fa8d2e0cbf21
SHA256

e4ea8d11c4961b44e32cdcb1cda5fa05b33137c1066761bc195194d9133f13a1
SHA512

400e66dd41875ae154e0d879bc7e6f21c70d27816448f298b831999d904c34963db995e2734f08f90860faffa33145fe58123ef01d41ac5afdcff8c0efafc2dd

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://myphamthuydung.com/tmp/bwo/

exe.dropper

http://lalletera.cat/bootstrap/ilym/

exe.dropper

https://www.primepenguin.com/wp-admin/fefkbm/

exe.dropper

https://www.ukrembtr.com/wp-admin/s3OYk/

exe.dropper

https://shourayinfotech.xyz/wp-includes/pa1uxi/

Extracted

Family

emotet

Botnet

Epoch2

C2

2.38.99.79:80

98.24.231.64:80

47.156.70.145:80

37.59.24.177:8080

66.34.201.20:7080

108.179.206.219:8080

45.56.88.91:443

206.189.112.148:8080

120.150.246.241:80

190.56.255.118:80

200.71.148.138:8080

192.241.255.77:8080

211.63.71.72:8080

190.53.135.159:21

183.102.238.69:465

108.191.2.72:80

107.170.24.125:8080

167.114.242.226:8080

91.73.197.90:80

178.209.71.63:8080

rsa_pubkey.plain

Targets

- Target
  
  e4ea8d11c4961b44e32cdcb1cda5fa05b33137c1066761bc195194d9133f13a1
- Size
  
  176KB
- MD5
  
  2651c8b1ec124ecce7ff93645711f876
- SHA1
  
  4014ae90ca1bfe38cfb4b5c9f3d4fa8d2e0cbf21
- SHA256
  
  e4ea8d11c4961b44e32cdcb1cda5fa05b33137c1066761bc195194d9133f13a1
- SHA512
  
  400e66dd41875ae154e0d879bc7e6f21c70d27816448f298b831999d904c34963db995e2734f08f90860faffa33145fe58123ef01d41ac5afdcff8c0efafc2dd
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
task1