emotet

General

Target

7fa223be816eecc1cb7c1193221b48e9168524b565439f844ee97934774953eb
Size

245KB
Sample

200117-k9tevke94x
MD5

da85522611be8af52870566a0326ba2a
SHA1

a1a7e3e5773e0e1dafe6616bd457e8494ad3f914
SHA256

7fa223be816eecc1cb7c1193221b48e9168524b565439f844ee97934774953eb
SHA512

c801fa7da704f62ea0720032a4c30f09b99a2f4a54c3fd2d036a602f049a38cb4caba87b19dd3123d61bebf8c8791ba65edbdd6b167c0bee8e42195d26bb1cc6

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://amelano.net/wp-includes/css/dist/2ew/

exe.dropper

http://911concept.com/images/i6ngX5/

exe.dropper

http://ayonschools.com/UBkoqn/

exe.dropper

http://beech.org/wayne/lldo/

exe.dropper

http://firelabo.com/wp-includes/mf6f4/

Extracted

Family

emotet

Botnet

Epoch2

C2

68.172.243.146:80

64.40.250.5:80

81.17.92.70:80

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

37.139.21.175:8080

73.11.153.178:8080

192.241.255.77:8080

91.205.215.66:443

201.229.45.222:8080

46.105.131.87:80

188.0.135.237:80

78.142.114.69:80

64.53.242.181:8080

93.147.141.5:443

101.187.134.207:8080

72.189.57.105:80

190.117.126.169:80

rsa_pubkey.plain

Targets

- Target
  
  7fa223be816eecc1cb7c1193221b48e9168524b565439f844ee97934774953eb
- Size
  
  245KB
- MD5
  
  da85522611be8af52870566a0326ba2a
- SHA1
  
  a1a7e3e5773e0e1dafe6616bd457e8494ad3f914
- SHA256
  
  7fa223be816eecc1cb7c1193221b48e9168524b565439f844ee97934774953eb
- SHA512
  
  c801fa7da704f62ea0720032a4c30f09b99a2f4a54c3fd2d036a602f049a38cb4caba87b19dd3123d61bebf8c8791ba65edbdd6b167c0bee8e42195d26bb1cc6
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1