emotet

General

Target

329915e7a80ca2eaa941d1e7dd96c6308f5cdf054dbf8e8d546ae0571e5ebd43
Size

207KB
Sample

191219-zp32rwfa7s
MD5

2b6c027a0e0c37854c72632a2d297696
SHA1

e8864cfd4a68c078403fab24066912cf21eaca27
SHA256

329915e7a80ca2eaa941d1e7dd96c6308f5cdf054dbf8e8d546ae0571e5ebd43
SHA512

672d91f0932f4c1a0917420c3f05a7a02b03ae7856fa065033b9f29bfa622d72f136324a909e9066f39d6a0d8bb7d258091b9cf2dc33577d99248320855a4143

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://pcms.bridgeimprex.com/zAqMf/

exe.dropper

http://test.a1enterprise.com/jxl/xo/

exe.dropper

http://app.bridgeimpex.org/img/H4sNbg51/

exe.dropper

http://a1enterprises.com/wp-content/BpOszbMoI/

exe.dropper

http://isabella.makeyourselfelaborate.com/wp-admin/u19xl/

Extracted

Family

emotet

Botnet

Epoch2

C2

47.149.28.234:80

71.83.82.123:8080

200.114.167.85:80

108.61.99.179:8080

165.227.156.155:443

159.69.89.130:8080

167.99.105.223:7080

188.152.7.140:80

91.73.197.90:80

120.150.246.241:80

91.205.215.66:443

87.230.19.21:8080

75.80.148.244:80

138.122.5.214:8080

219.78.255.48:80

104.131.11.150:8080

121.88.5.176:443

178.209.71.63:8080

179.13.185.19:80

12.176.19.218:80

rsa_pubkey.plain

Targets

- Target
  
  329915e7a80ca2eaa941d1e7dd96c6308f5cdf054dbf8e8d546ae0571e5ebd43
- Size
  
  207KB
- MD5
  
  2b6c027a0e0c37854c72632a2d297696
- SHA1
  
  e8864cfd4a68c078403fab24066912cf21eaca27
- SHA256
  
  329915e7a80ca2eaa941d1e7dd96c6308f5cdf054dbf8e8d546ae0571e5ebd43
- SHA512
  
  672d91f0932f4c1a0917420c3f05a7a02b03ae7856fa065033b9f29bfa622d72f136324a909e9066f39d6a0d8bb7d258091b9cf2dc33577d99248320855a4143
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1