emotet

General

Target

5f2fa8f31561486dd05cc43c19240d180891d098fe1891d8df3606b544feabea
Size

81KB
Sample

191216-gvbvha862j
MD5

14408d595995b89f9ddbaf54ecbb523e
SHA1

2f1bd27d213b95db0528991e8a78366951ea3526
SHA256

5f2fa8f31561486dd05cc43c19240d180891d098fe1891d8df3606b544feabea
SHA512

d9f405cf5d8e872d333dd67bbad0049d52fbb0094932d26efb240dfde5501f0814cde5fccb573a334f67de0dc976861c613d50d49df78a33564146c309a50bd5

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://toivn.com/wp-admin/583483/

exe.dropper

http://talkmeupdev.us-west-2.elasticbeanstalk.com/wp-admin/network/k96246/

exe.dropper

https://thienvuongphat.com/thp/iy99/

exe.dropper

http://campsparrowhawk.se/wp-admin/j3q81823/

exe.dropper

http://doisongvaconnguoi.com/war1wqcr/narqdcn7/

Extracted

Family

emotet

Botnet

Epoch1

C2

152.170.108.99:443

99.252.27.6:80

93.148.252.90:80

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

80.85.87.122:8080

2.139.158.136:443

80.11.158.65:8080

79.31.85.103:80

77.55.211.77:8080

96.61.113.203:80

181.198.203.45:443

142.93.114.137:8080

186.15.83.52:8080

181.36.42.205:443

68.183.190.199:8080

159.203.204.126:8080

50.28.51.143:8080

46.101.212.195:8080

rsa_pubkey.plain

Targets

- Target
  
  5f2fa8f31561486dd05cc43c19240d180891d098fe1891d8df3606b544feabea
- Size
  
  81KB
- MD5
  
  14408d595995b89f9ddbaf54ecbb523e
- SHA1
  
  2f1bd27d213b95db0528991e8a78366951ea3526
- SHA256
  
  5f2fa8f31561486dd05cc43c19240d180891d098fe1891d8df3606b544feabea
- SHA512
  
  d9f405cf5d8e872d333dd67bbad0049d52fbb0094932d26efb240dfde5501f0814cde5fccb573a334f67de0dc976861c613d50d49df78a33564146c309a50bd5
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
task1