emotet

General

Target

9d7854178437a26f14d851e786d68dcdfa005d2010b175103ccf8e1eb106b141
Size

80KB
Sample

191218-xngrmz4lzs
MD5

af25ed47ccd175d9dbca68e2f37b6a74
SHA1

3d2114a537df75d4a3baa2188f52192575e097b7
SHA256

9d7854178437a26f14d851e786d68dcdfa005d2010b175103ccf8e1eb106b141
SHA512

23f23267586bd56d42ed0bb680ca9edf00fff50a3ae6bccce69f633c3e7c153fa8c244a0384e329328161f59f33bba0022b065fbacad332e789fe7e3727e6b2d

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://duanchungcubatdongsan.com/wp-admin/kvv6737/

exe.dropper

http://iamsuperkol.com/wp-admin/1gexz6/

exe.dropper

http://demo1.alismartdropship.com/wp-content/cs9ei61/

exe.dropper

http://driventodaypodcast.com/megaphone/t45787/

exe.dropper

http://newdiscoverclutch.discoverclutch.com/cgi-bin/4v6/

Extracted

Family

emotet

Botnet

Epoch1

C2

74.79.103.55:80

190.100.153.162:443

190.6.193.152:8080

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

80.85.87.122:8080

62.75.160.178:8080

71.76.45.83:443

14.160.93.230:80

87.106.77.40:7080

149.135.123.65:80

76.221.133.146:80

46.101.212.195:8080

91.83.93.124:7080

45.8.136.201:80

201.213.32.59:80

2.139.158.136:443

152.170.108.99:443

188.14.39.65:443

rsa_pubkey.plain

Targets

- Target
  
  9d7854178437a26f14d851e786d68dcdfa005d2010b175103ccf8e1eb106b141
- Size
  
  80KB
- MD5
  
  af25ed47ccd175d9dbca68e2f37b6a74
- SHA1
  
  3d2114a537df75d4a3baa2188f52192575e097b7
- SHA256
  
  9d7854178437a26f14d851e786d68dcdfa005d2010b175103ccf8e1eb106b141
- SHA512
  
  23f23267586bd56d42ed0bb680ca9edf00fff50a3ae6bccce69f633c3e7c153fa8c244a0384e329328161f59f33bba0022b065fbacad332e789fe7e3727e6b2d
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Executes dropped EXE
task1