emotet

General

Target

c984833db58812ed08f1b0560576ec19bfec60b0a8103292c206042ef12007fc
Size

245KB
Sample

200117-vf11ag677a
MD5

390bf5b77fc9c164be934a2f12be7a36
SHA1

fb8a2b7b10b82dee2509c68d1ce66f9674be0f32
SHA256

c984833db58812ed08f1b0560576ec19bfec60b0a8103292c206042ef12007fc
SHA512

dfcea8972d66e3bdee273af26ad1add17c0fd6fdd4d072672277df8eaac704d7dc67cd6f0d699fd232f009c08190e3e99ac6a076efd458125fcae0d6ccaaa406

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://amelano.net/wp-includes/css/dist/2ew/

exe.dropper

http://911concept.com/images/i6ngX5/

exe.dropper

http://ayonschools.com/UBkoqn/

exe.dropper

http://beech.org/wayne/lldo/

exe.dropper

http://firelabo.com/wp-includes/mf6f4/

Extracted

Family

emotet

Botnet

Epoch2

C2

68.172.243.146:80

64.40.250.5:80

81.17.92.70:80

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

37.139.21.175:8080

73.11.153.178:8080

192.241.255.77:8080

91.205.215.66:443

201.229.45.222:8080

46.105.131.87:80

188.0.135.237:80

78.142.114.69:80

64.53.242.181:8080

93.147.141.5:443

101.187.134.207:8080

72.189.57.105:80

190.117.126.169:80

rsa_pubkey.plain

Targets

- Target
  
  c984833db58812ed08f1b0560576ec19bfec60b0a8103292c206042ef12007fc
- Size
  
  245KB
- MD5
  
  390bf5b77fc9c164be934a2f12be7a36
- SHA1
  
  fb8a2b7b10b82dee2509c68d1ce66f9674be0f32
- SHA256
  
  c984833db58812ed08f1b0560576ec19bfec60b0a8103292c206042ef12007fc
- SHA512
  
  dfcea8972d66e3bdee273af26ad1add17c0fd6fdd4d072672277df8eaac704d7dc67cd6f0d699fd232f009c08190e3e99ac6a076efd458125fcae0d6ccaaa406
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1