emotet

General

Target

54549c77150daeca5c7ccf7fe8c079fb75dc0640bd64cdb6f0295f9c2382e4c2
Size

242KB
Sample

200115-mmts7lq33n
MD5

433e999ceee41af98ab269724fe05bff
SHA1

a9c2927d5f9848c1029926f94817675d9e5ed8ba
SHA256

54549c77150daeca5c7ccf7fe8c079fb75dc0640bd64cdb6f0295f9c2382e4c2
SHA512

ae9b9d443ed4a82fe6292e3deb7b90ea52f0ec5fe9fd3c9afdad7482b9326480c6d2456d84d8751c6759dc43d7389ca3b6b10b2d2ab54d441f0352978d3a4b95

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://lehraagrotech.com/wp-content/B/

exe.dropper

http://emdgames.com/calendar/xos/

exe.dropper

http://seca.infoavisos.com/wp-seca/f/

exe.dropper

http://arx163.com/wp-admin/uw4/

exe.dropper

http://youthplant.org/wp-admin/838/

Extracted

Family

emotet

Botnet

Epoch2

C2

24.196.49.98:80

93.147.141.5:443

72.189.57.105:80

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

27.109.153.201:8090

105.247.123.133:8080

190.12.119.180:443

120.151.135.224:80

221.165.123.72:80

103.86.49.11:8080

178.237.139.83:8080

5.32.55.214:80

95.213.236.64:8080

189.203.177.41:443

78.24.219.147:8080

190.117.226.104:80

73.11.153.178:8080

rsa_pubkey.plain

Targets

- Target
  
  54549c77150daeca5c7ccf7fe8c079fb75dc0640bd64cdb6f0295f9c2382e4c2
- Size
  
  242KB
- MD5
  
  433e999ceee41af98ab269724fe05bff
- SHA1
  
  a9c2927d5f9848c1029926f94817675d9e5ed8ba
- SHA256
  
  54549c77150daeca5c7ccf7fe8c079fb75dc0640bd64cdb6f0295f9c2382e4c2
- SHA512
  
  ae9b9d443ed4a82fe6292e3deb7b90ea52f0ec5fe9fd3c9afdad7482b9326480c6d2456d84d8751c6759dc43d7389ca3b6b10b2d2ab54d441f0352978d3a4b95
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1