emotet

General

Target

b554687e67437c34ba161bf732d8c04112d581e589a111f9a45772172f3e4f1d
Size

184KB
Sample

191220-avd9xmrwe2
MD5

48df341cf2775ac8c38e60460f885484
SHA1

94f47857306fa53427905ee55c0008fb7ef12b5c
SHA256

b554687e67437c34ba161bf732d8c04112d581e589a111f9a45772172f3e4f1d
SHA512

73266e79e3b114abf05ccdc1ffca2efa1b9db2111dd10191c79a075744722b4704605ecf28d00aff927d528e806f5e8682cbf0acc5588613e320b2e9e2ca1ecd

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://dejavugroup.com/wp-content/JTjHLbr/

exe.dropper

http://dev7.developmentviewer.com/wp-admin/SYSQOx/

exe.dropper

http://krishna-graphics.com/wp-admin/11x12xd-nobh27two-82927918/

exe.dropper

http://laboratoriosanfrancisco1988.com/9rlkyc/Ccvvezsv/

exe.dropper

http://lanyuewp.com/electrician/ig9eu0g-4q1oml1qc1-749166/

Extracted

Family

emotet

Botnet

Epoch3

C2

98.178.241.106:80

190.171.153.139:80

179.5.118.12:8080

45.79.75.232:8080

124.150.175.133:80

164.68.115.146:8080

5.189.148.98:8080

46.105.128.215:8080

67.254.196.78:443

95.216.207.86:7080

181.46.176.38:80

98.15.140.226:80

217.12.70.226:80

115.179.91.58:80

41.190.148.90:80

162.144.46.90:8080

211.218.105.101:80

212.129.14.27:8080

120.51.83.89:443

200.41.121.69:443

rsa_pubkey.plain

Targets

- Target
  
  b554687e67437c34ba161bf732d8c04112d581e589a111f9a45772172f3e4f1d
- Size
  
  184KB
- MD5
  
  48df341cf2775ac8c38e60460f885484
- SHA1
  
  94f47857306fa53427905ee55c0008fb7ef12b5c
- SHA256
  
  b554687e67437c34ba161bf732d8c04112d581e589a111f9a45772172f3e4f1d
- SHA512
  
  73266e79e3b114abf05ccdc1ffca2efa1b9db2111dd10191c79a075744722b4704605ecf28d00aff927d528e806f5e8682cbf0acc5588613e320b2e9e2ca1ecd
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1