emotet

General

Target

0fcabd53281c3d1833a2bbb2e91487f09033a8d6c734c0e4e953bf36ff30cf1f
Size

184KB
Sample

191218-3lrrvyanzx
MD5

3b1105f6c1f8c25fce3136f7a0b4b56f
SHA1

cca780c3855da11d74b5ac20bcea41f4ef745de6
SHA256

0fcabd53281c3d1833a2bbb2e91487f09033a8d6c734c0e4e953bf36ff30cf1f
SHA512

814d0dd5f9412632c94a21c7426307355f347c55c5b60d6e920cedd8054f7c8fbbbd1b71efeb8dea44a5002f37a979ccf7f6040d9cf0f1f712989407c4cdd4f8

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://gobabynames.com/dz6r/xytx7/

exe.dropper

http://nhomkinhthienbinh.com/cgi-bin/yW/

exe.dropper

http://capitalcitycarwash.com/komldk65kd/7tz/

exe.dropper

http://compscischool.com/wp-content/8a1n/

exe.dropper

http://gianphoisonghong.com/wp-includes/AUWxwq1V2s/

Extracted

Family

emotet

Botnet

Epoch2

C2

173.247.19.238:80

174.81.132.128:80

211.44.35.111:80

165.227.156.155:443

167.99.105.223:7080

67.225.179.64:8080

176.31.200.130:8080

104.131.11.150:8080

68.118.26.116:80

190.226.44.20:21

120.150.246.241:80

92.222.216.44:8080

73.214.99.25:80

110.142.38.16:80

24.93.212.32:80

190.53.135.159:21

66.209.97.122:8080

173.91.11.142:80

100.14.117.137:80

2.237.76.249:80

rsa_pubkey.plain

Targets

- Target
  
  0fcabd53281c3d1833a2bbb2e91487f09033a8d6c734c0e4e953bf36ff30cf1f
- Size
  
  184KB
- MD5
  
  3b1105f6c1f8c25fce3136f7a0b4b56f
- SHA1
  
  cca780c3855da11d74b5ac20bcea41f4ef745de6
- SHA256
  
  0fcabd53281c3d1833a2bbb2e91487f09033a8d6c734c0e4e953bf36ff30cf1f
- SHA512
  
  814d0dd5f9412632c94a21c7426307355f347c55c5b60d6e920cedd8054f7c8fbbbd1b71efeb8dea44a5002f37a979ccf7f6040d9cf0f1f712989407c4cdd4f8
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
task1