emotet

General

Target

79073477216da5244bd8d2ab2053f21b26e57675d1a507dabd194134c27bd148
Size

237KB
Sample

200120-m9q6xhbvzn
MD5

8040b44ec55cfcbb3372a17db3220d38
SHA1

8712cb9d443dca62a13d9e578bdd547440984472
SHA256

79073477216da5244bd8d2ab2053f21b26e57675d1a507dabd194134c27bd148
SHA512

f0288dce2d52d7c5b7071da1d5cb11690f22c8bb513d69c856eb14481ddf0e7a0c137d9abfc1ea59733e54a53536f72c3045d1f38b31f8e38d4692d24d313769

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://sanketpatil.online/wp-includes/rBhbqf/

exe.dropper

http://deals.autostar.com.sa/wp-admin/tnibbgr-7y3i2-4052100/

exe.dropper

http://activatemagicsjacks.xyz/wp-admin/pzp2my-a4ma-335/

exe.dropper

http://heminghao.club/phpmyadmin/bos25l-sisvzsm-51/

exe.dropper

http://redbeat.club/wp-snapshots/fzAArnYv/

Extracted

Family

emotet

Botnet

Epoch3

C2

98.192.74.164:80

59.135.126.129:443

24.70.40.15:8080

178.33.167.120:8080

144.76.56.36:8080

176.58.93.123:80

51.38.134.203:8080

58.92.179.55:443

190.201.144.85:7080

201.183.251.100:80

192.210.217.94:8080

14.161.30.33:443

212.112.113.235:80

23.253.207.142:8080

1.217.126.11:443

61.221.152.140:80

78.189.165.52:8080

149.202.153.251:8080

91.73.169.210:80

212.129.14.27:8080

rsa_pubkey.plain

Targets

- Target
  
  79073477216da5244bd8d2ab2053f21b26e57675d1a507dabd194134c27bd148
- Size
  
  237KB
- MD5
  
  8040b44ec55cfcbb3372a17db3220d38
- SHA1
  
  8712cb9d443dca62a13d9e578bdd547440984472
- SHA256
  
  79073477216da5244bd8d2ab2053f21b26e57675d1a507dabd194134c27bd148
- SHA512
  
  f0288dce2d52d7c5b7071da1d5cb11690f22c8bb513d69c856eb14481ddf0e7a0c137d9abfc1ea59733e54a53536f72c3045d1f38b31f8e38d4692d24d313769
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1