emotet

General

Target

Docs_7fd7b14acff688e84b811d03e1831552.60
Size

178KB
Sample

191213-x8e4j9vjxx
MD5

7fd7b14acff688e84b811d03e1831552
SHA1

f3f4e4d2200d37b1f6b4a13ff61a0a1c4766ce04
SHA256

57fd6973ae1ee5bc249420f5bfae5737bc4c9cbbf0caac146194044d390f9efc
SHA512

93bcf1cf822095b5f74ea73e9e56739fe8e7fc80aa99a6ec1b91a5fca1fd14600d60ea0878595a53e6890b3c7edce6be894ebaa305233d50b1d336255fa9a5e4

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://kaikeline.com/1B/

exe.dropper

http://irpot.com/css/jRk5gg/

exe.dropper

http://kartcup.net/picture_library/eqop/

exe.dropper

http://lakelass.com/cgi-bin/2dhm/

exe.dropper

http://ouimet.biz/cgi-bin/l/

Extracted

Family

emotet

Botnet

Epoch2

C2

73.214.99.25:80

179.13.185.19:80

186.67.208.78:8080

37.59.24.177:8080

66.34.201.20:7080

108.179.206.219:8080

45.56.88.91:443

218.44.21.114:80

75.80.148.244:80

31.31.77.83:443

212.129.24.79:8080

12.229.155.122:80

91.73.197.90:80

206.81.10.215:8080

128.65.154.183:443

108.191.2.72:80

144.139.247.220:80

181.57.193.14:80

169.239.182.217:8080

2.38.99.79:80

rsa_pubkey.plain

Targets

- Target
  
  Docs_7fd7b14acff688e84b811d03e1831552.60
- Size
  
  178KB
- MD5
  
  7fd7b14acff688e84b811d03e1831552
- SHA1
  
  f3f4e4d2200d37b1f6b4a13ff61a0a1c4766ce04
- SHA256
  
  57fd6973ae1ee5bc249420f5bfae5737bc4c9cbbf0caac146194044d390f9efc
- SHA512
  
  93bcf1cf822095b5f74ea73e9e56739fe8e7fc80aa99a6ec1b91a5fca1fd14600d60ea0878595a53e6890b3c7edce6be894ebaa305233d50b1d336255fa9a5e4
Score

10^/10

trojan banker emotet evasion
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
task1 task2