emotet

General

Target

5c21b8911225705df6195bf0dbf4ed16a01ac8aec18c1b5041601abca1104a96
Size

247KB
Sample

200116-phfeq1n2le
MD5

470f00441094be2e3a092d02b1ae74fb
SHA1

234a05e5392ab39a91bf0df0fb728d4c42fefd56
SHA256

5c21b8911225705df6195bf0dbf4ed16a01ac8aec18c1b5041601abca1104a96
SHA512

17c7a676d0437f7abf64e0f08ef101d74af7cc23113376022fd00234558297019b8d0691fe2604a8d101c421dd74988ce095c7f0619bcfbe069bfbf3560a0d14

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://guilhermebasilio.com/wp-content/LH/

exe.dropper

http://pbs.onsisdev.info/wp-content/uploads/z8Jm5LOp/

exe.dropper

http://niuconstruction.net/toolsl/k7NjE10245/

exe.dropper

http://panvelpropertyproject.com/calendar/7g6f/7g6f/

exe.dropper

http://demo.artesfide.com/cgi-bin/SXllAKyx9u/

Extracted

Family

emotet

Botnet

Epoch1

C2

70.123.95.180:80

190.17.44.48:80

59.120.5.154:80

192.241.143.52:8080

159.65.241.220:8080

45.79.95.107:443

69.163.33.84:8080

181.36.42.205:443

113.190.254.245:80

190.195.129.227:8090

50.28.51.143:8080

204.225.249.100:7080

99.252.27.6:80

185.160.229.26:80

77.55.211.77:8080

68.187.160.28:443

152.231.89.226:80

86.123.138.76:80

82.196.15.205:8080

80.11.158.65:8080

rsa_pubkey.plain

Targets

- Target
  
  5c21b8911225705df6195bf0dbf4ed16a01ac8aec18c1b5041601abca1104a96
- Size
  
  247KB
- MD5
  
  470f00441094be2e3a092d02b1ae74fb
- SHA1
  
  234a05e5392ab39a91bf0df0fb728d4c42fefd56
- SHA256
  
  5c21b8911225705df6195bf0dbf4ed16a01ac8aec18c1b5041601abca1104a96
- SHA512
  
  17c7a676d0437f7abf64e0f08ef101d74af7cc23113376022fd00234558297019b8d0691fe2604a8d101c421dd74988ce095c7f0619bcfbe069bfbf3560a0d14
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1