emotet

General

Target

074ec6f9a2776114bc1d9e2da2250b73417843b3357ada6f17a5f4b606ab9a91
Size

285KB
Sample

200122-8sdwrbvmfj
MD5

86e92ee43dee2cf5163db491ebb2c64c
SHA1

1694bee15ca99db9c778c975a3d297abc7205c45
SHA256

074ec6f9a2776114bc1d9e2da2250b73417843b3357ada6f17a5f4b606ab9a91
SHA512

384918b3f230674376d866266bab2ae1625f11f03a5ee80073e060efe0b026da38ebca94f2caa7f4f303a98ef28de3855348559fa43d4a5a0898363c5cb32fd6

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://cxlit.com/wp-admin/SjM/

exe.dropper

http://johncharlesdental.com.au/wp-content/6DVi/

exe.dropper

http://www.kongtoubi.org/wp-includes/hiLAx/

exe.dropper

http://maruka-dev.herokuapp.com/wp-includes/msuft/

exe.dropper

http://ceylonsri.com/cgi-bin/5n6jdz/

Extracted

Family

emotet

Botnet

Epoch2

C2

68.114.229.171:80

74.101.225.121:443

152.168.248.128:443

217.160.19.232:8080

176.9.43.37:8080

5.199.130.105:7080

37.187.72.193:8080

68.172.243.146:80

181.143.126.170:80

108.191.2.72:80

85.152.174.56:80

101.187.197.33:443

121.88.5.176:443

189.203.177.41:443

78.186.5.109:443

66.34.201.20:7080

209.141.54.221:8080

181.126.70.117:80

87.106.136.232:8080

181.13.24.82:80

rsa_pubkey.plain

Targets

- Target
  
  074ec6f9a2776114bc1d9e2da2250b73417843b3357ada6f17a5f4b606ab9a91
- Size
  
  285KB
- MD5
  
  86e92ee43dee2cf5163db491ebb2c64c
- SHA1
  
  1694bee15ca99db9c778c975a3d297abc7205c45
- SHA256
  
  074ec6f9a2776114bc1d9e2da2250b73417843b3357ada6f17a5f4b606ab9a91
- SHA512
  
  384918b3f230674376d866266bab2ae1625f11f03a5ee80073e060efe0b026da38ebca94f2caa7f4f303a98ef28de3855348559fa43d4a5a0898363c5cb32fd6
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1