emotet

General

Target

709515b23e5b747439017795a65815ee0b37983e8a39520cc541e85472a7095d
Size

253KB
Sample

200117-3x7fl2ypxn
MD5

0c4197d506665a8bddccd8afce399fb6
SHA1

95ba10caa2cb455e48d1448d61a7f6eee39e1944
SHA256

709515b23e5b747439017795a65815ee0b37983e8a39520cc541e85472a7095d
SHA512

88466fdb025fef67faac6a67e5e40cf95ce5d0728c765b3e218cba466ec523502891afebaf55a215d73a779685250d1261dc27a650a9e7e018999792ff52866a

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://oniongames.jp/contact/iY/

exe.dropper

http://pmthome.com/posta/dr3zxa/

exe.dropper

http://urgeventa.es/img/k35d9q/

exe.dropper

https://solmec.com.ar/sitio/nTXZomKCx/

exe.dropper

https://tiagocambara.com/cgi-bin/s96/

Extracted

Family

emotet

Botnet

Epoch2

C2

68.172.243.146:80

64.40.250.5:80

81.17.92.70:80

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

37.139.21.175:8080

73.11.153.178:8080

192.241.255.77:8080

91.205.215.66:443

201.229.45.222:8080

46.105.131.87:80

188.0.135.237:80

78.142.114.69:80

64.53.242.181:8080

93.147.141.5:443

101.187.134.207:8080

72.189.57.105:80

190.117.126.169:80

rsa_pubkey.plain

Targets

- Target
  
  709515b23e5b747439017795a65815ee0b37983e8a39520cc541e85472a7095d
- Size
  
  253KB
- MD5
  
  0c4197d506665a8bddccd8afce399fb6
- SHA1
  
  95ba10caa2cb455e48d1448d61a7f6eee39e1944
- SHA256
  
  709515b23e5b747439017795a65815ee0b37983e8a39520cc541e85472a7095d
- SHA512
  
  88466fdb025fef67faac6a67e5e40cf95ce5d0728c765b3e218cba466ec523502891afebaf55a215d73a779685250d1261dc27a650a9e7e018999792ff52866a
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1