emotet

General

Target

585307062aaa4f62202ad9d974146773038ed2e3a8f75b14a3e27c1b5fc4f5f1
Size

171KB
Sample

191210-rxbfnb2yta
MD5

84b484881365d4f0c836842eb0ec435a
SHA1

dd962e30d3509cb5c185c03ba0ce9bcd70a35d96
SHA256

585307062aaa4f62202ad9d974146773038ed2e3a8f75b14a3e27c1b5fc4f5f1
SHA512

16c2166772b29d55ba0eaa6882626dbb8a3bcb364441088568c6b0b209480b534f304249ff522495d65608a09c2d4631b1749eba6a3f6e199c7fa7fa91f1bfe2

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://www.cigpcl.com/wp-admin/9674/

exe.dropper

http://blog.380degre.com/wp-admin/xk8/

exe.dropper

https://bestmusicafrica.com/cgi-bin/g336/

exe.dropper

http://event.narailvolunteers.org/wp-admin/e12153/

exe.dropper

http://ljterrace.com/fmjiet/j6uv75/

Extracted

Family

emotet

Botnet

Epoch1

C2

85.152.208.146:80

68.174.15.223:80

2.42.173.240:80

96.126.121.64:443

104.236.137.72:8080

172.104.233.225:8080

85.234.143.94:8080

45.79.95.107:443

77.55.211.77:8080

188.14.39.65:443

83.165.163.225:80

185.160.212.3:80

109.169.86.13:8080

68.183.190.199:8080

119.59.124.163:8080

178.79.163.131:8080

87.118.70.69:8080

91.83.93.124:7080

77.241.53.234:80

109.166.89.91:80

rsa_pubkey.plain

Targets

- Target
  
  585307062aaa4f62202ad9d974146773038ed2e3a8f75b14a3e27c1b5fc4f5f1
- Size
  
  171KB
- MD5
  
  84b484881365d4f0c836842eb0ec435a
- SHA1
  
  dd962e30d3509cb5c185c03ba0ce9bcd70a35d96
- SHA256
  
  585307062aaa4f62202ad9d974146773038ed2e3a8f75b14a3e27c1b5fc4f5f1
- SHA512
  
  16c2166772b29d55ba0eaa6882626dbb8a3bcb364441088568c6b0b209480b534f304249ff522495d65608a09c2d4631b1749eba6a3f6e199c7fa7fa91f1bfe2
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
task1