emotet

General

Target

db8e444c711cef67b19c3c153ae825882c400ee7e7fc1c3aed6412d701e62bb3
Size

182KB
Sample

191220-tws9q2sxva
MD5

5ef84e56eec7f47b466cce4ae06d542d
SHA1

24a9857327b80824a25405aad790eee63b4f220b
SHA256

db8e444c711cef67b19c3c153ae825882c400ee7e7fc1c3aed6412d701e62bb3
SHA512

4c79690f1f1a86ad19a8b5ae1e4aa7411027e35975f1418db573fd7d77a8cb03ab77ae87d77269b66115055dae81bcc911874b8a06419a58870f32fed46add40

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://dejavugroup.com/wp-content/JTjHLbr/

exe.dropper

http://dev7.developmentviewer.com/wp-admin/SYSQOx/

exe.dropper

http://krishna-graphics.com/wp-admin/11x12xd-nobh27two-82927918/

exe.dropper

http://laboratoriosanfrancisco1988.com/9rlkyc/Ccvvezsv/

exe.dropper

http://lanyuewp.com/electrician/ig9eu0g-4q1oml1qc1-749166/

Extracted

Family

emotet

Botnet

Epoch3

C2

98.178.241.106:80

190.171.153.139:80

179.5.118.12:8080

45.79.75.232:8080

124.150.175.133:80

164.68.115.146:8080

5.189.148.98:8080

46.105.128.215:8080

67.254.196.78:443

95.216.207.86:7080

181.46.176.38:80

98.15.140.226:80

217.12.70.226:80

115.179.91.58:80

41.190.148.90:80

162.144.46.90:8080

211.218.105.101:80

212.129.14.27:8080

120.51.83.89:443

200.41.121.69:443

rsa_pubkey.plain

Targets

- Target
  
  db8e444c711cef67b19c3c153ae825882c400ee7e7fc1c3aed6412d701e62bb3
- Size
  
  182KB
- MD5
  
  5ef84e56eec7f47b466cce4ae06d542d
- SHA1
  
  24a9857327b80824a25405aad790eee63b4f220b
- SHA256
  
  db8e444c711cef67b19c3c153ae825882c400ee7e7fc1c3aed6412d701e62bb3
- SHA512
  
  4c79690f1f1a86ad19a8b5ae1e4aa7411027e35975f1418db573fd7d77a8cb03ab77ae87d77269b66115055dae81bcc911874b8a06419a58870f32fed46add40
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1