emotet

General

Target

418471b28549547510de4b6092959db252e62104f228ce72573df41767bdef28
Size

196KB
Sample

191218-lntvcbswnj
MD5

ad144568507fbf05f6ef3c12ab102792
SHA1

2249e35891fdb2bc80bd0b917d3ea22ea717412d
SHA256

418471b28549547510de4b6092959db252e62104f228ce72573df41767bdef28
SHA512

0a874db70ae013d6dc1ac5bb7eff6150565b4c327c76636f930119d91dc94a429dd10857481943b7d59407a396945a3c45153f20490aaeeb8432855c4610e045

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://www.meee-designbuild.com/wp-content/vs718/

exe.dropper

https://cardesign-analytics.com/messagelist/wdi9/

exe.dropper

https://www.danytex.com/cgi-bin/c5b2ze315/

exe.dropper

http://nexusfantasy.com/rxmu/eebmh133/

exe.dropper

http://basic.woo-wa.com/lwral/wz87053/

Extracted

Family

emotet

Botnet

Epoch1

C2

63.248.198.8:80

189.19.81.181:443

130.204.247.253:80

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

51.255.165.160:8080

118.36.70.245:80

190.210.184.138:995

188.135.15.49:80

139.162.118.88:8080

72.29.55.174:80

68.183.170.114:8080

181.231.62.54:80

192.241.146.84:8080

71.76.45.83:443

63.246.252.234:80

37.211.49.127:80

74.59.187.94:80

5.88.27.67:8080

rsa_pubkey.plain

Targets

- Target
  
  418471b28549547510de4b6092959db252e62104f228ce72573df41767bdef28
- Size
  
  196KB
- MD5
  
  ad144568507fbf05f6ef3c12ab102792
- SHA1
  
  2249e35891fdb2bc80bd0b917d3ea22ea717412d
- SHA256
  
  418471b28549547510de4b6092959db252e62104f228ce72573df41767bdef28
- SHA512
  
  0a874db70ae013d6dc1ac5bb7eff6150565b4c327c76636f930119d91dc94a429dd10857481943b7d59407a396945a3c45153f20490aaeeb8432855c4610e045
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1