emotet

General

Target

4320ac63a844d0218ce852cf498b9abca14799f24c8808dc551e3818a544bd68
Size

178KB
Sample

191211-332jrwpez2
MD5

2c0864e90ed8ed6b65df42b2ff1af421
SHA1

9fd152bf39434f39d225b5f46fa5c8014aafe5ef
SHA256

4320ac63a844d0218ce852cf498b9abca14799f24c8808dc551e3818a544bd68
SHA512

d4c29193c551937fc62453d95349258e7c6adb973f6212c9a21f20b5c4c78e7de5fe93eef027486f42bbb9e6145ce202db258e3a9e4f313ab758bad926b92b75

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://trendinformatica.eu/arcfabrics/i88ixy9/

exe.dropper

http://theomelet.com/wp-content/fQd/

exe.dropper

http://kgd898.com/wp-admin/h45mi/

exe.dropper

http://idealssschang.com/calendar/60PcB/

exe.dropper

http://happiness360degree.com/wp-admin/fj/

Extracted

Family

emotet

Botnet

Epoch2

C2

110.143.84.202:80

75.80.148.244:80

64.53.242.181:8080

37.59.24.177:8080

66.34.201.20:7080

108.179.206.219:8080

45.56.88.91:443

206.189.112.148:8080

211.63.71.72:8080

178.210.51.222:8080

92.186.52.193:80

195.244.215.206:80

2.38.99.79:80

37.157.194.134:443

206.81.10.215:8080

80.21.182.46:80

80.11.163.139:21

190.56.255.118:80

190.226.44.20:21

173.70.81.77:80

rsa_pubkey.plain

Targets

- Target
  
  4320ac63a844d0218ce852cf498b9abca14799f24c8808dc551e3818a544bd68
- Size
  
  178KB
- MD5
  
  2c0864e90ed8ed6b65df42b2ff1af421
- SHA1
  
  9fd152bf39434f39d225b5f46fa5c8014aafe5ef
- SHA256
  
  4320ac63a844d0218ce852cf498b9abca14799f24c8808dc551e3818a544bd68
- SHA512
  
  d4c29193c551937fc62453d95349258e7c6adb973f6212c9a21f20b5c4c78e7de5fe93eef027486f42bbb9e6145ce202db258e3a9e4f313ab758bad926b92b75
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
task1