emotet

General

Target

7f50f03bb60365815ddf328960d091ca38e30b9af32c983b5586953ad46073f3
Size

185KB
Sample

191217-t8tbn4f6n2
MD5

24fd04a2018eeec757f44f74ea60a711
SHA1

8069fb1efaabe4b6c1a80fb5a8fc0351d01a5bcc
SHA256

7f50f03bb60365815ddf328960d091ca38e30b9af32c983b5586953ad46073f3
SHA512

e83f9c37f9ae1f5e4f7573f98c0dc82455ebfca6ae3fbfa4d1773ad38a88d3e861808899fb05ff53f95cf33b54dd822c185ee4f530bbf80f253dabcd67a7306e

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://nangngucsiam.com/wp-content/plugins/wp-ffpc/4ij33/

exe.dropper

http://jsd-id.com/wp-content/uploads/4ae3ep99933/

exe.dropper

http://18teens.xyz/wp-content/epewe862/

exe.dropper

http://www.fundzit.com/wp-admin/g05/

exe.dropper

http://wp.banyannaples.com/cgi-bin/97sq9667/

Extracted

Family

emotet

Botnet

Epoch1

C2

152.170.108.99:443

99.252.27.6:80

93.148.252.90:80

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

80.85.87.122:8080

2.139.158.136:443

80.11.158.65:8080

79.31.85.103:80

77.55.211.77:8080

96.61.113.203:80

181.198.203.45:443

142.93.114.137:8080

186.15.83.52:8080

181.36.42.205:443

68.183.190.199:8080

159.203.204.126:8080

50.28.51.143:8080

46.101.212.195:8080

rsa_pubkey.plain

Targets

- Target
  
  7f50f03bb60365815ddf328960d091ca38e30b9af32c983b5586953ad46073f3
- Size
  
  185KB
- MD5
  
  24fd04a2018eeec757f44f74ea60a711
- SHA1
  
  8069fb1efaabe4b6c1a80fb5a8fc0351d01a5bcc
- SHA256
  
  7f50f03bb60365815ddf328960d091ca38e30b9af32c983b5586953ad46073f3
- SHA512
  
  e83f9c37f9ae1f5e4f7573f98c0dc82455ebfca6ae3fbfa4d1773ad38a88d3e861808899fb05ff53f95cf33b54dd822c185ee4f530bbf80f253dabcd67a7306e
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
task1