emotet

General

Target

8b609fd8a3fa8035a22468460e491f21ffa438e527463173a2403dc4097640d9
Size

186KB
Sample

191216-wxp89r22la
MD5

19efa8190d53d638d27bdb5993717042
SHA1

68f6c63d9f8852f04990daa9cb4803cf10d4649f
SHA256

8b609fd8a3fa8035a22468460e491f21ffa438e527463173a2403dc4097640d9
SHA512

058eb420412b99ad2691cecd3336a6205a0c7fe789233e44c8440e91e39d7f1ccf1e62874a1a0f855f66cfee7e0d9d0d7b970eb097a76a7d8ff6113a17607ed9

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://helloseatravel.com/wp-content/EFtavrYg/

exe.dropper

http://goldonam.com/wp-admin/uv/

exe.dropper

http://mattonicomunicacao.com/agenciamento/ekuia/

exe.dropper

http://myagentco.com/new/vkn/

exe.dropper

https://usa.slackart.ch/wp-content/TxDVHvMRu8/

Extracted

Family

emotet

Botnet

Epoch2

C2

85.152.174.56:80

59.148.227.190:80

5.154.58.24:80

46.105.131.87:80

37.59.24.177:8080

66.34.201.20:7080

108.179.206.219:8080

211.63.71.72:8080

47.6.15.79:80

201.173.217.124:443

98.24.231.64:80

201.251.133.92:443

116.48.142.21:443

74.105.102.97:8080

58.171.42.66:8080

169.239.182.217:8080

149.202.153.252:8080

91.73.197.90:80

186.75.241.230:80

73.214.99.25:80

rsa_pubkey.plain

Targets

- Target
  
  8b609fd8a3fa8035a22468460e491f21ffa438e527463173a2403dc4097640d9
- Size
  
  186KB
- MD5
  
  19efa8190d53d638d27bdb5993717042
- SHA1
  
  68f6c63d9f8852f04990daa9cb4803cf10d4649f
- SHA256
  
  8b609fd8a3fa8035a22468460e491f21ffa438e527463173a2403dc4097640d9
- SHA512
  
  058eb420412b99ad2691cecd3336a6205a0c7fe789233e44c8440e91e39d7f1ccf1e62874a1a0f855f66cfee7e0d9d0d7b970eb097a76a7d8ff6113a17607ed9
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
task1