emotet

General

Target

bbf79cb4aa35f097ee65fbf27c2808626e53c4460eeec58c2a828aa669b50b74
Size

249KB
Sample

200114-66vnekjn26
MD5

08d257f26d6fcc469db67a7d3d21da01
SHA1

b4e20ecfd69705516e8376f07640b7e63ba3a16e
SHA256

bbf79cb4aa35f097ee65fbf27c2808626e53c4460eeec58c2a828aa669b50b74
SHA512

7be7886b79dfbde711b7b486d5d3bce1b6ebcbdfb8fde9e55ae5d5820425a5b9db5805ed0de4183e78a8c3507a3167b0333a31ef38928d1b1b41d22b627e4474

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://uat.playquakewith.us/wp-admin/jks/

exe.dropper

http://panganobat.lipi.go.id/calendar/o04/

exe.dropper

http://pbs.onsisdev.info/wp-content/uploads/OBv44RS/

exe.dropper

https://pneuauto.dev.webdoodle.com.au/wp-includes/gTct/

exe.dropper

https://www.innovation4crisis.org/wp-admin/I/

Extracted

Family

emotet

Botnet

Epoch2

C2

66.7.242.50:8080

72.186.137.156:80

197.89.27.26:8080

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

78.24.219.147:8080

159.65.25.128:8080

95.128.43.213:8080

179.13.185.19:80

186.86.247.171:443

110.142.38.16:80

201.173.217.124:443

169.239.182.217:8080

211.63.71.72:8080

104.131.11.150:8080

190.55.181.54:443

209.146.22.34:443

64.53.242.181:8080

rsa_pubkey.plain

Targets

- Target
  
  bbf79cb4aa35f097ee65fbf27c2808626e53c4460eeec58c2a828aa669b50b74
- Size
  
  249KB
- MD5
  
  08d257f26d6fcc469db67a7d3d21da01
- SHA1
  
  b4e20ecfd69705516e8376f07640b7e63ba3a16e
- SHA256
  
  bbf79cb4aa35f097ee65fbf27c2808626e53c4460eeec58c2a828aa669b50b74
- SHA512
  
  7be7886b79dfbde711b7b486d5d3bce1b6ebcbdfb8fde9e55ae5d5820425a5b9db5805ed0de4183e78a8c3507a3167b0333a31ef38928d1b1b41d22b627e4474
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1