emotet

General

Target

b67b28bd6bd0011b174ad203f013f28585cf54ad2bc0c5c065cbe8e046d77642
Size

243KB
Sample

200116-cbfw8pxwva
MD5

eaed14c1333c1f2c4a628963035c1115
SHA1

8e8673c7668d28597baa79f417e9e807b5e2e81c
SHA256

b67b28bd6bd0011b174ad203f013f28585cf54ad2bc0c5c065cbe8e046d77642
SHA512

d2bdd9a1c78ee0225d3b8d6f44d50cfd8f9e6cf4c996fc5a1ac6294beb8afd474f37a96a364bdb6416664caf75b056989f72ece01984286689bfb846e1429f71

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://media.najaminstitute.com/zlnl4e/bygv89z/

exe.dropper

http://ektisadona.com/wp-includes/vq7/

exe.dropper

http://iiatlanta.com/wp-admin/joABbF/

exe.dropper

http://wotan.info/wp-content/jz5p/

exe.dropper

http://grayandwhite.com/wp-admin/9/

Extracted

Family

emotet

Botnet

Epoch2

C2

24.196.49.98:80

93.147.141.5:443

72.189.57.105:80

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

27.109.153.201:8090

105.247.123.133:8080

190.12.119.180:443

120.151.135.224:80

221.165.123.72:80

103.86.49.11:8080

178.237.139.83:8080

5.32.55.214:80

95.213.236.64:8080

189.203.177.41:443

78.24.219.147:8080

190.117.226.104:80

73.11.153.178:8080

rsa_pubkey.plain

Targets

- Target
  
  b67b28bd6bd0011b174ad203f013f28585cf54ad2bc0c5c065cbe8e046d77642
- Size
  
  243KB
- MD5
  
  eaed14c1333c1f2c4a628963035c1115
- SHA1
  
  8e8673c7668d28597baa79f417e9e807b5e2e81c
- SHA256
  
  b67b28bd6bd0011b174ad203f013f28585cf54ad2bc0c5c065cbe8e046d77642
- SHA512
  
  d2bdd9a1c78ee0225d3b8d6f44d50cfd8f9e6cf4c996fc5a1ac6294beb8afd474f37a96a364bdb6416664caf75b056989f72ece01984286689bfb846e1429f71
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1