emotet

General

Target

1aadecae9e168d092eb93dbad3f0473f5c2c11233263ed2ace1269ae81743868
Size

182KB
Sample

191221-qgqv6a9epe
MD5

11f933cedc18581b6e3cbee57c98989a
SHA1

915d1611aec25ac1c81da90158e8d4d67a6cb2de
SHA256

1aadecae9e168d092eb93dbad3f0473f5c2c11233263ed2ace1269ae81743868
SHA512

6eb7d198b4f57a544307b5318c91c5b18b86c521740a0197e53af4871a66e199eedcaec463c01dcd383c64f24ca908869150806b6fcaf860ec568566c0e26ed8

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://hanserefelektrik.com/wp-content/o0zEZ17669/

exe.dropper

http://governessfilms.com/cgi-bin/gnbw2/

exe.dropper

http://forming-a.com/mysql/0s53/

exe.dropper

http://harbour-springs.webonlinepro.com/cgi-bin/pdviP01/

exe.dropper

http://gomitra.com/aspnet_client/xkwsJj/

Extracted

Family

emotet

Botnet

Epoch1

C2

177.180.115.224:80

177.242.21.126:80

190.210.236.139:80

144.217.117.207:8080

96.126.121.64:443

104.236.137.72:8080

85.234.143.94:8080

5.88.27.67:8080

37.187.6.63:8080

186.15.83.52:8080

201.213.32.59:80

97.81.12.153:80

178.79.163.131:8080

138.68.106.4:7080

217.199.160.224:8080

181.61.143.177:80

189.19.81.181:443

186.68.48.204:443

118.36.70.245:80

80.11.158.65:8080

rsa_pubkey.plain

Targets

- Target
  
  1aadecae9e168d092eb93dbad3f0473f5c2c11233263ed2ace1269ae81743868
- Size
  
  182KB
- MD5
  
  11f933cedc18581b6e3cbee57c98989a
- SHA1
  
  915d1611aec25ac1c81da90158e8d4d67a6cb2de
- SHA256
  
  1aadecae9e168d092eb93dbad3f0473f5c2c11233263ed2ace1269ae81743868
- SHA512
  
  6eb7d198b4f57a544307b5318c91c5b18b86c521740a0197e53af4871a66e199eedcaec463c01dcd383c64f24ca908869150806b6fcaf860ec568566c0e26ed8
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1