emotet

General

Target

303c8cab49172d2674a871a36d1fa2b8afd490e7ec623ebfba7776a86520c3a4
Size

255KB
Sample

200117-sgcmgqak3x
MD5

214cb7b5df2bab06731980b5b7830bb5
SHA1

ceb0ba7ccacbb76dd682070833a0aa7d1bf96a08
SHA256

303c8cab49172d2674a871a36d1fa2b8afd490e7ec623ebfba7776a86520c3a4
SHA512

4072e002a8724b16dbc421bcb7c4ad5dff8c96fb32e0261b39ba0efaa1ead47ec37cc767c6599929c360ff2bc0c12de360e5cb1c937515ee414e61e82642b3aa

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://kiziltepeakyuzrehabilitasyon.com/wp-includes/69n2/

exe.dropper

http://sitesetup.cindydonovan.com/wp-admin/81ynglg/

exe.dropper

https://jaberevents.com/y48h/

exe.dropper

https://shopdinhviviettel.com/wp-content/pwhm6p/

exe.dropper

https://marshalgroup.org/wp-content/uploads/dh1/

Extracted

Family

emotet

Botnet

Epoch2

C2

100.6.23.40:80

200.71.200.4:443

190.114.244.182:443

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

110.36.217.66:8080

206.81.10.215:8080

93.147.141.5:443

60.250.78.22:443

92.222.216.44:8080

95.213.236.64:8080

27.109.153.201:8090

66.7.242.50:8080

5.196.74.210:8080

181.143.126.170:80

209.97.168.52:8080

206.189.112.148:8080

64.53.242.181:8080

rsa_pubkey.plain

Targets

- Target
  
  303c8cab49172d2674a871a36d1fa2b8afd490e7ec623ebfba7776a86520c3a4
- Size
  
  255KB
- MD5
  
  214cb7b5df2bab06731980b5b7830bb5
- SHA1
  
  ceb0ba7ccacbb76dd682070833a0aa7d1bf96a08
- SHA256
  
  303c8cab49172d2674a871a36d1fa2b8afd490e7ec623ebfba7776a86520c3a4
- SHA512
  
  4072e002a8724b16dbc421bcb7c4ad5dff8c96fb32e0261b39ba0efaa1ead47ec37cc767c6599929c360ff2bc0c12de360e5cb1c937515ee414e61e82642b3aa
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1