emotet

General

Target

51a54622e05ccc0c76da3f53ee86a4b05603fda6d604a7916b58d264267b56c8
Size

185KB
Sample

191218-9vnmx8jn1j
MD5

43b119601b6574287c73a58fdf5cc71b
SHA1

f6a063766ad9aad46b5f32ebf30529c3447a234a
SHA256

51a54622e05ccc0c76da3f53ee86a4b05603fda6d604a7916b58d264267b56c8
SHA512

d536b48167afd873e2dc36748c196c648a65c29a48ca257bf5be6b2e1e964918a0b2c0cfbc8c32bf95f9b3dc6dd002fbaa66882223db237f1b99f2caa14a3fdc

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://gobabynames.com/dz6r/xytx7/

exe.dropper

http://nhomkinhthienbinh.com/cgi-bin/yW/

exe.dropper

http://capitalcitycarwash.com/komldk65kd/7tz/

exe.dropper

http://compscischool.com/wp-content/8a1n/

exe.dropper

http://gianphoisonghong.com/wp-includes/AUWxwq1V2s/

Extracted

Family

emotet

Botnet

Epoch2

C2

173.247.19.238:80

174.81.132.128:80

211.44.35.111:80

165.227.156.155:443

167.99.105.223:7080

67.225.179.64:8080

176.31.200.130:8080

104.131.11.150:8080

68.118.26.116:80

190.226.44.20:21

120.150.246.241:80

92.222.216.44:8080

73.214.99.25:80

110.142.38.16:80

24.93.212.32:80

190.53.135.159:21

66.209.97.122:8080

173.91.11.142:80

100.14.117.137:80

2.237.76.249:80

rsa_pubkey.plain

Targets

- Target
  
  51a54622e05ccc0c76da3f53ee86a4b05603fda6d604a7916b58d264267b56c8
- Size
  
  185KB
- MD5
  
  43b119601b6574287c73a58fdf5cc71b
- SHA1
  
  f6a063766ad9aad46b5f32ebf30529c3447a234a
- SHA256
  
  51a54622e05ccc0c76da3f53ee86a4b05603fda6d604a7916b58d264267b56c8
- SHA512
  
  d536b48167afd873e2dc36748c196c648a65c29a48ca257bf5be6b2e1e964918a0b2c0cfbc8c32bf95f9b3dc6dd002fbaa66882223db237f1b99f2caa14a3fdc
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
task1