emotet

General

Target

dee80fcc93fdf28fb6d796015785e587e2fbc779c948f6ebc6f3a5628d54f905
Size

246KB
Sample

200116-7zklbgvjsn
MD5

110a8448130f01d994dec2e3e2e67d9b
SHA1

8d75987eced4909ffdb6d36dad91d25ce704a13c
SHA256

dee80fcc93fdf28fb6d796015785e587e2fbc779c948f6ebc6f3a5628d54f905
SHA512

1a7ab66d516f0486b0303d32ae3d2aaec7d55bcc2236e1d856194a822fc5bcd50fefa21b801518f93375bc4e61071f2a54ac8d42eedc2330a4917738ddc7dba3

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://nfaagro.com/web_map/FF/

exe.dropper

http://blog.arquitetofabiopalheta.com/cgi-bin/vr1tm/

exe.dropper

http://ecrib.e-lyfe.com/21rqvsb/XLkpTvt/

exe.dropper

http://www.moestlstudios.com/error/kx8/

exe.dropper

http://www.loyss.com/wp-content/uploads/fnf8/

Extracted

Family

emotet

Botnet

Epoch2

C2

24.196.49.98:80

93.147.141.5:443

72.189.57.105:80

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

27.109.153.201:8090

105.247.123.133:8080

190.12.119.180:443

120.151.135.224:80

221.165.123.72:80

103.86.49.11:8080

178.237.139.83:8080

5.32.55.214:80

95.213.236.64:8080

189.203.177.41:443

78.24.219.147:8080

190.117.226.104:80

73.11.153.178:8080

rsa_pubkey.plain

Targets

- Target
  
  dee80fcc93fdf28fb6d796015785e587e2fbc779c948f6ebc6f3a5628d54f905
- Size
  
  246KB
- MD5
  
  110a8448130f01d994dec2e3e2e67d9b
- SHA1
  
  8d75987eced4909ffdb6d36dad91d25ce704a13c
- SHA256
  
  dee80fcc93fdf28fb6d796015785e587e2fbc779c948f6ebc6f3a5628d54f905
- SHA512
  
  1a7ab66d516f0486b0303d32ae3d2aaec7d55bcc2236e1d856194a822fc5bcd50fefa21b801518f93375bc4e61071f2a54ac8d42eedc2330a4917738ddc7dba3
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1