emotet

General

Target

9bcbca256994d7bc9a09ad1c495efa7f79a003e9f2a0ab21bfb2754ebe92874f
Size

101KB
Sample

191219-r1xl1mp146
MD5

2aac54fc19c8466b0693df043af781fd
SHA1

94292fc1693f296e404db1a6f5b668b36543b704
SHA256

9bcbca256994d7bc9a09ad1c495efa7f79a003e9f2a0ab21bfb2754ebe92874f
SHA512

cc2657a906d14babdd2dc2a30308077386399e0ac39e2b9434b4a27d9b6052dfeab11d234b0241e2f94c2597b7be34196c607a8c8d4269150b133aaf6c3c3e4a

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://laclinika.com/wp-admin/r42ar70/

exe.dropper

https://thechasermart.com/wp-admin/7u93/

exe.dropper

https://zamusicport.com/wp-content/Vmc/

exe.dropper

https://zaloshop.net/wp-admin/8j0827/

exe.dropper

https://www.leatherbyd.com/PHPMailer-master/q91l5u01353/

Extracted

Family

emotet

Botnet

Epoch1

C2

63.248.198.8:80

189.19.81.181:443

130.204.247.253:80

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

51.255.165.160:8080

118.36.70.245:80

190.210.184.138:995

188.135.15.49:80

139.162.118.88:8080

72.29.55.174:80

68.183.170.114:8080

181.231.62.54:80

192.241.146.84:8080

71.76.45.83:443

63.246.252.234:80

37.211.49.127:80

74.59.187.94:80

5.88.27.67:8080

rsa_pubkey.plain

Targets

- Target
  
  9bcbca256994d7bc9a09ad1c495efa7f79a003e9f2a0ab21bfb2754ebe92874f
- Size
  
  101KB
- MD5
  
  2aac54fc19c8466b0693df043af781fd
- SHA1
  
  94292fc1693f296e404db1a6f5b668b36543b704
- SHA256
  
  9bcbca256994d7bc9a09ad1c495efa7f79a003e9f2a0ab21bfb2754ebe92874f
- SHA512
  
  cc2657a906d14babdd2dc2a30308077386399e0ac39e2b9434b4a27d9b6052dfeab11d234b0241e2f94c2597b7be34196c607a8c8d4269150b133aaf6c3c3e4a
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1