emotet

General

Target

97523d357cab18183af27fb0ad4f5a0c67ec98dbf38d98a9e1041ba43c06a4c0
Size

196KB
Sample

191218-nwrxkk8g5a
MD5

579d88ea68b73b87647a5ca376550f19
SHA1

5fcb7915c2b99f2beb37082c173d0424129173f8
SHA256

97523d357cab18183af27fb0ad4f5a0c67ec98dbf38d98a9e1041ba43c06a4c0
SHA512

e4a48cee01a04e31a22432242c032e3a7b493e2b5ac1e352d34500283270b4bf4b270d00e47fabdd54e00edae33a0561eda54aefe4a4c2ef545b60d23b795c29

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://biswascreation.com/jodp17ksjfs/1flxhgo/

exe.dropper

https://expoblockchain2020.com/cgi-bin/2/

exe.dropper

https://mag-flex.com/wp-admin/xf8q/

exe.dropper

https://www.harriscustomcatering.com/wp-includes/jCItk01ogb/

exe.dropper

https://fdigitalsolutions.com/cgi-bin/mzqjn4h/

Extracted

Family

emotet

Botnet

Epoch2

C2

1.215.28.101:8080

184.167.148.162:80

66.25.34.20:80

165.227.156.155:443

167.99.105.223:7080

67.225.179.64:8080

176.31.200.130:8080

190.220.19.82:443

91.242.138.5:443

159.65.25.128:8080

61.197.110.214:80

110.143.84.202:80

95.128.43.213:8080

91.73.197.90:80

201.184.105.242:443

108.179.206.219:8080

181.57.193.14:80

188.152.7.140:80

139.130.241.252:443

197.254.221.174:80

rsa_pubkey.plain

Targets

- Target
  
  97523d357cab18183af27fb0ad4f5a0c67ec98dbf38d98a9e1041ba43c06a4c0
- Size
  
  196KB
- MD5
  
  579d88ea68b73b87647a5ca376550f19
- SHA1
  
  5fcb7915c2b99f2beb37082c173d0424129173f8
- SHA256
  
  97523d357cab18183af27fb0ad4f5a0c67ec98dbf38d98a9e1041ba43c06a4c0
- SHA512
  
  e4a48cee01a04e31a22432242c032e3a7b493e2b5ac1e352d34500283270b4bf4b270d00e47fabdd54e00edae33a0561eda54aefe4a4c2ef545b60d23b795c29
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1