emotet

General

Target

1612cd9b94f1c335969ff73c085dceadf11615bc296caea41c9628fbab30d5e2
Size

99KB
Sample

191219-ba5z9dgrc2
MD5

ce4c8e226dfbc75d238f1accbae50f09
SHA1

9290436d1c81d679670348bd841540e3a38568cb
SHA256

1612cd9b94f1c335969ff73c085dceadf11615bc296caea41c9628fbab30d5e2
SHA512

c99f8cb41a1d570e44dd7e573075b75950ddf6f67c3efc72ecce6dc14c3985787cab80b280ecdc9fed3193868978f025799d04c67d97666e3b1f55820aff47fd

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://siberiankatalog.com/wp-admin/ntaan872/

exe.dropper

http://profitcoach.net/wp-includes/5s419/

exe.dropper

https://alwatania-co.com/cgi-bin/b38983/

exe.dropper

https://www.icelp.info/wp-includes/uzxgqpu52588/

exe.dropper

http://registro.mibebeyyo.com/application/gbvwde29/

Extracted

Family

emotet

Botnet

Epoch1

C2

63.248.198.8:80

189.19.81.181:443

130.204.247.253:80

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

51.255.165.160:8080

118.36.70.245:80

190.210.184.138:995

188.135.15.49:80

139.162.118.88:8080

72.29.55.174:80

68.183.170.114:8080

181.231.62.54:80

192.241.146.84:8080

71.76.45.83:443

63.246.252.234:80

37.211.49.127:80

74.59.187.94:80

5.88.27.67:8080

rsa_pubkey.plain

Targets

- Target
  
  1612cd9b94f1c335969ff73c085dceadf11615bc296caea41c9628fbab30d5e2
- Size
  
  99KB
- MD5
  
  ce4c8e226dfbc75d238f1accbae50f09
- SHA1
  
  9290436d1c81d679670348bd841540e3a38568cb
- SHA256
  
  1612cd9b94f1c335969ff73c085dceadf11615bc296caea41c9628fbab30d5e2
- SHA512
  
  c99f8cb41a1d570e44dd7e573075b75950ddf6f67c3efc72ecce6dc14c3985787cab80b280ecdc9fed3193868978f025799d04c67d97666e3b1f55820aff47fd
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1