emotet

General

Target

4c5b70ce5e0c105f0e22164fb8889b602261d94c50fae8caff0ace7e780f7367
Size

297KB
Sample

200121-wsb6xgr2q6
MD5

a2e2e8aa3150207c849a5695981a4a1e
SHA1

1ea18f290bdf6ce900dae5dcc6ba666c0c8afd5a
SHA256

4c5b70ce5e0c105f0e22164fb8889b602261d94c50fae8caff0ace7e780f7367
SHA512

452c0969c06d1a19d6ad95da738b6cb8bb72c6436a203b5fef28ecc811db744f6573e12327865f97ebc6df1388fcd389ed665362c93db9abb8fcdc10175b16f4

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://hawkeyesss.com/wp-content/r3d3hdjgnc-om4bkcvea-3543/

exe.dropper

http://lookings.in/blog/xGJncTpch/

exe.dropper

http://developer.md-partners.co.jp/UI/doCYRSxq/

exe.dropper

http://e-twow.es/wp-content/dJilYkPOF/

exe.dropper

http://bjenkins.webview.consulting/writer/3r09yemm-0uxjh-3049/

Extracted

Family

emotet

Botnet

Epoch3

C2

81.214.253.80:443

98.15.140.226:80

180.33.71.88:80

178.33.167.120:8080

144.76.56.36:8080

176.58.93.123:80

51.38.134.203:8080

196.6.119.137:80

82.79.244.92:80

175.181.7.188:80

183.87.40.21:8080

201.183.251.100:80

91.73.169.210:80

188.251.213.180:443

110.142.161.90:80

177.144.130.105:443

106.248.79.174:80

70.45.30.28:80

187.72.47.161:443

185.244.167.25:443

rsa_pubkey.plain

Targets

- Target
  
  4c5b70ce5e0c105f0e22164fb8889b602261d94c50fae8caff0ace7e780f7367
- Size
  
  297KB
- MD5
  
  a2e2e8aa3150207c849a5695981a4a1e
- SHA1
  
  1ea18f290bdf6ce900dae5dcc6ba666c0c8afd5a
- SHA256
  
  4c5b70ce5e0c105f0e22164fb8889b602261d94c50fae8caff0ace7e780f7367
- SHA512
  
  452c0969c06d1a19d6ad95da738b6cb8bb72c6436a203b5fef28ecc811db744f6573e12327865f97ebc6df1388fcd389ed665362c93db9abb8fcdc10175b16f4
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1