emotet

General

Target

777634407e739b5bd6b93600cc4684defbb884c5729fdaff17b6cc2351b0d3d2
Size

167KB
Sample

191212-k9bnn9r2cs
MD5

0eea6344670dc623b52d3d8c0a7f0e2e
SHA1

19ecb9c57a2d1afdefe4abff2b4e56a3a27562a9
SHA256

777634407e739b5bd6b93600cc4684defbb884c5729fdaff17b6cc2351b0d3d2
SHA512

17a49f47e25c115e1310fdac4a1e68993b402bd3f9232c335c1786f553cbb76e92f3e579ac9733a71014413d11ef02f50ceabc4ee71996f17a1467686c96efb0

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://jdcc-stu.com/wp-includes/6109/

exe.dropper

http://jandmadventuring.servermaintain.com/wp-content/uploads/8ly08u77849/

exe.dropper

http://wilkopaintinc.com/common_resource/qac395/

exe.dropper

http://essemengineers.com/AdminPanel/cku0s00262/

exe.dropper

http://t666v.com/vlk2lo4i/fi20416/

Extracted

Family

emotet

Botnet

Epoch1

C2

91.74.175.46:80

96.38.234.10:80

71.76.45.83:443

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

80.85.87.122:8080

130.45.45.31:80

62.75.143.100:7080

142.93.114.137:8080

79.7.114.1:80

134.209.214.126:8080

68.183.190.199:8080

139.162.118.88:8080

212.71.237.140:8080

46.28.111.142:7080

181.231.62.54:80

200.124.225.32:80

73.167.135.180:80

200.119.11.118:443

rsa_pubkey.plain

Targets

- Target
  
  777634407e739b5bd6b93600cc4684defbb884c5729fdaff17b6cc2351b0d3d2
- Size
  
  167KB
- MD5
  
  0eea6344670dc623b52d3d8c0a7f0e2e
- SHA1
  
  19ecb9c57a2d1afdefe4abff2b4e56a3a27562a9
- SHA256
  
  777634407e739b5bd6b93600cc4684defbb884c5729fdaff17b6cc2351b0d3d2
- SHA512
  
  17a49f47e25c115e1310fdac4a1e68993b402bd3f9232c335c1786f553cbb76e92f3e579ac9733a71014413d11ef02f50ceabc4ee71996f17a1467686c96efb0
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
task1