emotet

General

Target

ff459925a85db389a7edc8d34a3790aa03a75c0169484d7aed22ed773e14016f
Size

245KB
Sample

200116-2qt4z772be
MD5

79ad3a4a0bab4b8b1777b32be37c62f3
SHA1

a0d8d30a760c4e48c7a2d5afadd3f0e2758c0aed
SHA256

ff459925a85db389a7edc8d34a3790aa03a75c0169484d7aed22ed773e14016f
SHA512

b03a1a299415bbc130763779ff9be98feef311cec8b9d9e7719f7b1ae5be3e7e8c50cee1fdce5d6b4ea54e3474e432c01e671ae97b0356acd59e23320432a5e5

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://vanezas.com/wp-admin/5xUvXjS/

exe.dropper

http://stlucieairways.com/aujq/ryM608/

exe.dropper

https://www.expertencall.com/pts_bilderupload/SSIyLk/

exe.dropper

http://trends.nextg.io/wp-content/pc5079/

exe.dropper

https://www.volvorotterdam.nl/xmlimport/U7X743/

Extracted

Family

emotet

Botnet

Epoch1

C2

70.123.95.180:80

190.17.44.48:80

59.120.5.154:80

192.241.143.52:8080

159.65.241.220:8080

45.79.95.107:443

69.163.33.84:8080

181.36.42.205:443

113.190.254.245:80

190.195.129.227:8090

50.28.51.143:8080

204.225.249.100:7080

99.252.27.6:80

185.160.229.26:80

77.55.211.77:8080

68.187.160.28:443

152.231.89.226:80

86.123.138.76:80

82.196.15.205:8080

80.11.158.65:8080

rsa_pubkey.plain

Targets

- Target
  
  ff459925a85db389a7edc8d34a3790aa03a75c0169484d7aed22ed773e14016f
- Size
  
  245KB
- MD5
  
  79ad3a4a0bab4b8b1777b32be37c62f3
- SHA1
  
  a0d8d30a760c4e48c7a2d5afadd3f0e2758c0aed
- SHA256
  
  ff459925a85db389a7edc8d34a3790aa03a75c0169484d7aed22ed773e14016f
- SHA512
  
  b03a1a299415bbc130763779ff9be98feef311cec8b9d9e7719f7b1ae5be3e7e8c50cee1fdce5d6b4ea54e3474e432c01e671ae97b0356acd59e23320432a5e5
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1