emotet

General

Target

423b7b9ea002165c61b8db1259dd9bbad8a0dae6fc5401a591d206e01c4cbe05.doc
Size

133KB
Sample

200124-bwedvea6kn
MD5

9111c722e853016a9151ac15b19b12c1
SHA1

98658f547738cbec95e313b177dc7abd7002fff1
SHA256

423b7b9ea002165c61b8db1259dd9bbad8a0dae6fc5401a591d206e01c4cbe05
SHA512

d58b28c4b912eaae4c77723934bcdb9a8e3c68029bcc60a0612e625742ea11b73b3dc23ca3d8e14a6cf7892cdca40026a00728be65c6fcc1eb4e5ab2e1317db9

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://wpprimebox.com/support/D03jG8Ic/

exe.dropper

http://wp.ewa-iot.com/plesk/w9v13py/

exe.dropper

http://www.astrologerpanchmukhijyotish.com/wp-includes/ucflLPxgy/

exe.dropper

https://basepresupuestos.com/fonts/aq/

exe.dropper

https://camraiz.com/wp-admin/GIrEDD/

Extracted

Family

emotet

Botnet

Epoch2

C2

108.6.140.26:80

70.184.9.39:8080

222.144.13.169:80

45.55.65.123:8080

217.160.19.232:8080

176.9.43.37:8080

5.199.130.105:7080

202.175.121.202:8090

91.205.215.66:443

120.150.246.241:80

74.130.83.133:80

105.247.123.133:8080

190.12.119.180:443

37.187.72.193:8080

190.146.205.227:8080

200.21.90.5:443

206.189.112.148:8080

92.222.216.44:8080

24.94.237.248:80

2.237.76.249:80

rsa_pubkey.plain

Targets

- Target
  
  423b7b9ea002165c61b8db1259dd9bbad8a0dae6fc5401a591d206e01c4cbe05.doc
- Size
  
  133KB
- MD5
  
  9111c722e853016a9151ac15b19b12c1
- SHA1
  
  98658f547738cbec95e313b177dc7abd7002fff1
- SHA256
  
  423b7b9ea002165c61b8db1259dd9bbad8a0dae6fc5401a591d206e01c4cbe05
- SHA512
  
  d58b28c4b912eaae4c77723934bcdb9a8e3c68029bcc60a0612e625742ea11b73b3dc23ca3d8e14a6cf7892cdca40026a00728be65c6fcc1eb4e5ab2e1317db9
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1