emotet

General

Target

a461e68a56f148dd8229948f29e1afba3ec22bba86556917fde3b00e2c9d5f44
Size

203KB
Sample

191220-bd77nfpp22
MD5

e48e7bd7b1bc694f6a5e4e0a5d46fea3
SHA1

4a94a590731617dd92abcaebfad0ec21814a8196
SHA256

a461e68a56f148dd8229948f29e1afba3ec22bba86556917fde3b00e2c9d5f44
SHA512

86e8aa8d13499de8fccb09a12a4314c86cb29dfa4ed8bcc849c38df0fd31ed021d18c666b6e762e36e34fee1b671b54c0e91355255f8b2c7d17dc32ae3aab9d0

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://www.trangiabds.com/wp-admin/88IHJgsuqF/

exe.dropper

https://kashifclothhouse.com/wp-admin/Pzv6563/

exe.dropper

https://hgklighting.com/wp-admin/V5i324/

exe.dropper

https://gloriapionproperties.com/wp-content/9k16/

exe.dropper

https://azatea.com/pytosj2jd/e5X381802/

Extracted

Family

emotet

Botnet

Epoch1

C2

68.187.160.28:443

97.120.32.227:80

187.188.166.192:8080

144.217.117.207:8080

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

68.174.15.223:80

63.246.252.234:80

93.148.252.90:80

74.59.187.94:80

185.160.212.3:80

46.28.111.142:7080

183.99.239.141:80

68.129.203.162:443

144.139.56.105:80

191.183.21.190:80

81.157.234.90:8080

138.68.106.4:7080

203.130.0.69:80

rsa_pubkey.plain

Targets

- Target
  
  a461e68a56f148dd8229948f29e1afba3ec22bba86556917fde3b00e2c9d5f44
- Size
  
  203KB
- MD5
  
  e48e7bd7b1bc694f6a5e4e0a5d46fea3
- SHA1
  
  4a94a590731617dd92abcaebfad0ec21814a8196
- SHA256
  
  a461e68a56f148dd8229948f29e1afba3ec22bba86556917fde3b00e2c9d5f44
- SHA512
  
  86e8aa8d13499de8fccb09a12a4314c86cb29dfa4ed8bcc849c38df0fd31ed021d18c666b6e762e36e34fee1b671b54c0e91355255f8b2c7d17dc32ae3aab9d0
Score

10^/10

trojan banker emotet evasion spyware
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Modifies system certificate store
  evasion spyware trojan
task1