emotet

General

Target

5f3f1a765294d7c72934ad9b36f982d38cc9dc9312ef5221cbf391cd4292da79
Size

99KB
Sample

191219-s1yn94edd2
MD5

700b9da3096efee7a7de8d0afa36996c
SHA1

fb4db0c54ee1c785b25b879d183d6b01a7ddce37
SHA256

5f3f1a765294d7c72934ad9b36f982d38cc9dc9312ef5221cbf391cd4292da79
SHA512

cce69f4164ee1f49334feae0e300949c10e489cc66a205625e1c17f809484be7fd8ebc9a1d33e6be4e9b348df235ec64e599ce940a4d1c484aa5a8559dc0b1a2

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://proyectoin.com/sushi/vipulg5517/

exe.dropper

http://reklamturk.net/wwvv2/n6d810122/

exe.dropper

http://radioyachting.com/thumbs/na1t448/

exe.dropper

http://redironmarketing.com/oscommerce/kisbe16464/

exe.dropper

http://wolfinpigsclothing.com/cgi-bin/a2s830/

Extracted

Family

emotet

Botnet

Epoch1

C2

63.248.198.8:80

189.19.81.181:443

130.204.247.253:80

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

51.255.165.160:8080

118.36.70.245:80

190.210.184.138:995

188.135.15.49:80

139.162.118.88:8080

72.29.55.174:80

68.183.170.114:8080

181.231.62.54:80

192.241.146.84:8080

71.76.45.83:443

63.246.252.234:80

37.211.49.127:80

74.59.187.94:80

5.88.27.67:8080

rsa_pubkey.plain

Targets

- Target
  
  5f3f1a765294d7c72934ad9b36f982d38cc9dc9312ef5221cbf391cd4292da79
- Size
  
  99KB
- MD5
  
  700b9da3096efee7a7de8d0afa36996c
- SHA1
  
  fb4db0c54ee1c785b25b879d183d6b01a7ddce37
- SHA256
  
  5f3f1a765294d7c72934ad9b36f982d38cc9dc9312ef5221cbf391cd4292da79
- SHA512
  
  cce69f4164ee1f49334feae0e300949c10e489cc66a205625e1c17f809484be7fd8ebc9a1d33e6be4e9b348df235ec64e599ce940a4d1c484aa5a8559dc0b1a2
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1