emotet

General

Target

Docs_7fd7b14acff688e84b811d03e1831552.1
Size

178KB
Sample

191213-rpcr9fl2kj
MD5

7fd7b14acff688e84b811d03e1831552
SHA1

f3f4e4d2200d37b1f6b4a13ff61a0a1c4766ce04
SHA256

57fd6973ae1ee5bc249420f5bfae5737bc4c9cbbf0caac146194044d390f9efc
SHA512

93bcf1cf822095b5f74ea73e9e56739fe8e7fc80aa99a6ec1b91a5fca1fd14600d60ea0878595a53e6890b3c7edce6be894ebaa305233d50b1d336255fa9a5e4

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://kaikeline.com/1B/

exe.dropper

http://irpot.com/css/jRk5gg/

exe.dropper

http://kartcup.net/picture_library/eqop/

exe.dropper

http://lakelass.com/cgi-bin/2dhm/

exe.dropper

http://ouimet.biz/cgi-bin/l/

Extracted

Family

emotet

Botnet

Epoch2

C2

173.91.11.142:80

47.6.15.79:80

47.6.15.79:443

37.59.24.177:8080

66.34.201.20:7080

108.179.206.219:8080

45.56.88.91:443

101.187.134.207:443

1.33.230.137:80

110.143.57.109:80

108.191.2.72:80

47.156.70.145:80

167.71.10.37:8080

190.226.44.20:21

74.105.102.97:8080

190.147.215.53:22

24.45.193.161:7080

70.175.171.251:80

138.59.177.106:443

12.176.19.218:80

rsa_pubkey.plain

Targets

- Target
  
  Docs_7fd7b14acff688e84b811d03e1831552.1
- Size
  
  178KB
- MD5
  
  7fd7b14acff688e84b811d03e1831552
- SHA1
  
  f3f4e4d2200d37b1f6b4a13ff61a0a1c4766ce04
- SHA256
  
  57fd6973ae1ee5bc249420f5bfae5737bc4c9cbbf0caac146194044d390f9efc
- SHA512
  
  93bcf1cf822095b5f74ea73e9e56739fe8e7fc80aa99a6ec1b91a5fca1fd14600d60ea0878595a53e6890b3c7edce6be894ebaa305233d50b1d336255fa9a5e4
Score

10^/10

trojan banker emotet evasion
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
task1 task2