emotet

General

Target

a75b4543e3b4642d10f8502ce285ed96435e9cd59d0191c377c9aa7ab5cd6400
Size

286KB
Sample

200122-nbzc1jv8da
MD5

a2952ade339ab3a6e1b519ef0fd3dda1
SHA1

aeaacba2685ed967d1117f916963cbea67a1483e
SHA256

a75b4543e3b4642d10f8502ce285ed96435e9cd59d0191c377c9aa7ab5cd6400
SHA512

245d2a68d71b4766ca3b19f2975aad8c66f0847bde0afa36e67d30321fc0c09cb3c338829f24564efe400d5a5bb0f478453b7575538ace4bf9a50880196a9db9

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://trangvang.info.vn/home/poIc7l/

exe.dropper

https://www.flybuys.net/libraries/xes/

exe.dropper

http://informatic-club.com/language/y/

exe.dropper

http://demo.stickypost.io/wp-admin/g/

exe.dropper

https://www.drivertrainerschool.com.au/logs/RYJPgrKOJ/

Extracted

Family

emotet

Botnet

Epoch2

C2

68.114.229.171:80

74.101.225.121:443

152.168.248.128:443

217.160.19.232:8080

176.9.43.37:8080

5.199.130.105:7080

37.187.72.193:8080

68.172.243.146:80

181.143.126.170:80

108.191.2.72:80

85.152.174.56:80

101.187.197.33:443

121.88.5.176:443

189.203.177.41:443

78.186.5.109:443

66.34.201.20:7080

209.141.54.221:8080

181.126.70.117:80

87.106.136.232:8080

181.13.24.82:80

rsa_pubkey.plain

Targets

- Target
  
  a75b4543e3b4642d10f8502ce285ed96435e9cd59d0191c377c9aa7ab5cd6400
- Size
  
  286KB
- MD5
  
  a2952ade339ab3a6e1b519ef0fd3dda1
- SHA1
  
  aeaacba2685ed967d1117f916963cbea67a1483e
- SHA256
  
  a75b4543e3b4642d10f8502ce285ed96435e9cd59d0191c377c9aa7ab5cd6400
- SHA512
  
  245d2a68d71b4766ca3b19f2975aad8c66f0847bde0afa36e67d30321fc0c09cb3c338829f24564efe400d5a5bb0f478453b7575538ace4bf9a50880196a9db9
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1