emotet

General

Target

75fd1fa481e2e0d76197587398b4125b4b7448c7afbd61ec72708a4ef0c76e13
Size

245KB
Sample

200116-x8f6telb86
MD5

368c3051181c26613817983f4a54d5ed
SHA1

eb3cea78e62607cf3fa672522a1b4fb63e3c5755
SHA256

75fd1fa481e2e0d76197587398b4125b4b7448c7afbd61ec72708a4ef0c76e13
SHA512

446c6a3643f78682d01b2643ba0ea40e6df0cd21d6e5f47a67645952c27cf8fbfb0a7eef0cc0883def6f822e1cca624b98cdba727290395e72422446e4ef39d0

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://ajhmanamlak.com/wp-content/rcz9/

exe.dropper

http://maphagroup.com/wp-admin/mtq/

exe.dropper

http://www.meggie-jp.com/images/Tznj/

exe.dropper

http://giatlalaocai.com/wp-admin/Yz98SWY6/

exe.dropper

https://www.nnjastudio.com/wp-admin/xHjsw/

Extracted

Family

emotet

Botnet

Epoch2

C2

68.172.243.146:80

64.40.250.5:80

81.17.92.70:80

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

37.139.21.175:8080

73.11.153.178:8080

192.241.255.77:8080

91.205.215.66:443

201.229.45.222:8080

46.105.131.87:80

188.0.135.237:80

78.142.114.69:80

64.53.242.181:8080

93.147.141.5:443

101.187.134.207:8080

72.189.57.105:80

190.117.126.169:80

rsa_pubkey.plain

Targets

- Target
  
  75fd1fa481e2e0d76197587398b4125b4b7448c7afbd61ec72708a4ef0c76e13
- Size
  
  245KB
- MD5
  
  368c3051181c26613817983f4a54d5ed
- SHA1
  
  eb3cea78e62607cf3fa672522a1b4fb63e3c5755
- SHA256
  
  75fd1fa481e2e0d76197587398b4125b4b7448c7afbd61ec72708a4ef0c76e13
- SHA512
  
  446c6a3643f78682d01b2643ba0ea40e6df0cd21d6e5f47a67645952c27cf8fbfb0a7eef0cc0883def6f822e1cca624b98cdba727290395e72422446e4ef39d0
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1