emotet

General

Target

f631bc4ffac36ef164f57e6fb8a8f2900f2302dad4d0835595e54f4848862df8
Size

230KB
Sample

200113-11fh9rg6se
MD5

2648ff3bd0f6d08fb2a57638618d6edc
SHA1

54a6c18ea3f7c0737e754616f57d00dd3e7dbd59
SHA256

f631bc4ffac36ef164f57e6fb8a8f2900f2302dad4d0835595e54f4848862df8
SHA512

5fdac1bde3a22bf60b26ad85744d394ade1c4ac3015217740c937f3ae711a0a65e9c875710336e2a199b1d7247bcd68d8e3f7a232ecc4313b66825cbdaa05c9a

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://www.entreprendre-en-alsace.com/cust_service/Hp/

exe.dropper

https://www.ambiance-piscines.fr/wp-admin/tQQvQCL/

exe.dropper

https://www.akarosi.com/0868e784ba5af656b959f6ec5e4e9428/a1a/

exe.dropper

https://thecurrenthotel.com/wp-content/zel617r/

exe.dropper

https://wholesaleusedbooks.co.uk/jetpack-temp/Xl1SeJPW/

Extracted

Family

emotet

Botnet

Epoch2

C2

70.175.171.251:80

177.239.160.121:80

89.211.186.227:443

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

181.143.126.170:80

190.53.135.159:21

200.116.145.225:443

139.130.242.43:80

37.139.21.175:8080

103.86.49.11:8080

45.51.40.140:80

221.165.123.72:80

31.172.240.91:8080

78.189.180.107:80

178.153.176.124:80

182.176.132.213:8090

201.184.105.242:443

rsa_pubkey.plain

Targets

- Target
  
  f631bc4ffac36ef164f57e6fb8a8f2900f2302dad4d0835595e54f4848862df8
- Size
  
  230KB
- MD5
  
  2648ff3bd0f6d08fb2a57638618d6edc
- SHA1
  
  54a6c18ea3f7c0737e754616f57d00dd3e7dbd59
- SHA256
  
  f631bc4ffac36ef164f57e6fb8a8f2900f2302dad4d0835595e54f4848862df8
- SHA512
  
  5fdac1bde3a22bf60b26ad85744d394ade1c4ac3015217740c937f3ae711a0a65e9c875710336e2a199b1d7247bcd68d8e3f7a232ecc4313b66825cbdaa05c9a
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1