emotet

General

Target

115088a6fc23e09b797f8256fd67ee60eae48df940103b7607f7d171523dd47e
Size

183KB
Sample

191220-a7zes4m8rs
MD5

03dc2eb86067cd6c728756bcc340ea51
SHA1

afce05bc5862b88049220e1ef68b6257d3244b48
SHA256

115088a6fc23e09b797f8256fd67ee60eae48df940103b7607f7d171523dd47e
SHA512

03d7b99175c9501ace8c8d8abd5fa804bec544f946f7acab9684006c756943d905c25e2b3d3a93b184446bd0e30326658b803fc53c7d64df09870ca3c7829fec

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://peikeshargh.com/wp-admin/HXU15i/

exe.dropper

http://cooklawyerllc.com/DB/XygG68105/

exe.dropper

https://www.meditationmusic.shop/musicshop/MYatxrUp/

exe.dropper

http://magic-in-china.com/wovltk23ld/f9aH1153/

exe.dropper

http://www.ikedi.info/wp-content/x4f7893/

Extracted

Family

emotet

Botnet

Epoch1

C2

177.180.115.224:80

177.242.21.126:80

190.210.236.139:80

144.217.117.207:8080

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

5.88.27.67:8080

37.187.6.63:8080

186.15.83.52:8080

201.213.32.59:80

97.81.12.153:80

178.79.163.131:8080

138.68.106.4:7080

217.199.160.224:8080

181.61.143.177:80

189.19.81.181:443

186.68.48.204:443

118.36.70.245:80

80.11.158.65:8080

rsa_pubkey.plain

Targets

- Target
  
  115088a6fc23e09b797f8256fd67ee60eae48df940103b7607f7d171523dd47e
- Size
  
  183KB
- MD5
  
  03dc2eb86067cd6c728756bcc340ea51
- SHA1
  
  afce05bc5862b88049220e1ef68b6257d3244b48
- SHA256
  
  115088a6fc23e09b797f8256fd67ee60eae48df940103b7607f7d171523dd47e
- SHA512
  
  03d7b99175c9501ace8c8d8abd5fa804bec544f946f7acab9684006c756943d905c25e2b3d3a93b184446bd0e30326658b803fc53c7d64df09870ca3c7829fec
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1