emotet

General

Target

2bbb79dcbacd77c823570a51bff214c9a7f283b88d1b0f9a993c44a92a7e3ee5
Size

253KB
Sample

200118-lr82fgamax
MD5

eb086805532dd362af17fdd4ec766a5c
SHA1

c4c5fd4c502d97cffa23f6d798af1e96cfb6ce7b
SHA256

2bbb79dcbacd77c823570a51bff214c9a7f283b88d1b0f9a993c44a92a7e3ee5
SHA512

a37b6d23972df729e76aa43857ac0495fc084ab5b3ee719b133147762c3990b0528369a831b0734e018494d75f927ee049787af953e13dff893a5df0bd7ecb29

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://www.bluedream.al/calendar/r83g9/

exe.dropper

http://myphamthanhbinh.net/wp-content/uploads/qDq/

exe.dropper

http://sfmac.biz/calendar/K1a/

exe.dropper

https://www.cometprint.net/cgi-bin/q/

exe.dropper

http://www.mjmechanical.com/wp-includes/ddy/

Extracted

Family

emotet

Botnet

Epoch2

C2

100.6.23.40:80

200.71.200.4:443

190.114.244.182:443

91.250.96.22:8080

37.187.72.193:8080

104.131.44.150:8080

167.71.10.37:8080

110.36.217.66:8080

206.81.10.215:8080

93.147.141.5:443

60.250.78.22:443

92.222.216.44:8080

95.213.236.64:8080

27.109.153.201:8090

66.7.242.50:8080

5.196.74.210:8080

181.143.126.170:80

209.97.168.52:8080

206.189.112.148:8080

64.53.242.181:8080

rsa_pubkey.plain

Targets

- Target
  
  2bbb79dcbacd77c823570a51bff214c9a7f283b88d1b0f9a993c44a92a7e3ee5
- Size
  
  253KB
- MD5
  
  eb086805532dd362af17fdd4ec766a5c
- SHA1
  
  c4c5fd4c502d97cffa23f6d798af1e96cfb6ce7b
- SHA256
  
  2bbb79dcbacd77c823570a51bff214c9a7f283b88d1b0f9a993c44a92a7e3ee5
- SHA512
  
  a37b6d23972df729e76aa43857ac0495fc084ab5b3ee719b133147762c3990b0528369a831b0734e018494d75f927ee049787af953e13dff893a5df0bd7ecb29
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1