emotet

General

Target

2c4b0f8d4c1eaa6adbac77b21a05ff32242cab116fc252c21c67fc0ab51ba110.doc
Size

133KB
Sample

200124-ek582jf2v2
MD5

80eea5dedbcecabb640887735f72a6ae
SHA1

525abf5e90fe911e48b9a875252d794e1d5cc35c
SHA256

2c4b0f8d4c1eaa6adbac77b21a05ff32242cab116fc252c21c67fc0ab51ba110
SHA512

9991c08fd04ee17a9d2089dfaf4b5b082b02f3c08e0e6b34b4ef7972f0244d0db5f95cd1ab9dc30b26627c29bc5177b38e6e43d9c3bd145aa3e8fd6df08cf1de

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://wpprimebox.com/support/D03jG8Ic/

exe.dropper

http://wp.ewa-iot.com/plesk/w9v13py/

exe.dropper

http://www.astrologerpanchmukhijyotish.com/wp-includes/ucflLPxgy/

exe.dropper

https://basepresupuestos.com/fonts/aq/

exe.dropper

https://camraiz.com/wp-admin/GIrEDD/

Extracted

Family

emotet

Botnet

Epoch2

C2

108.6.140.26:80

70.184.9.39:8080

222.144.13.169:80

45.55.65.123:8080

217.160.19.232:8080

176.9.43.37:8080

5.199.130.105:7080

202.175.121.202:8090

91.205.215.66:443

120.150.246.241:80

74.130.83.133:80

105.247.123.133:8080

190.12.119.180:443

37.187.72.193:8080

190.146.205.227:8080

200.21.90.5:443

206.189.112.148:8080

92.222.216.44:8080

24.94.237.248:80

2.237.76.249:80

rsa_pubkey.plain

Targets

- Target
  
  2c4b0f8d4c1eaa6adbac77b21a05ff32242cab116fc252c21c67fc0ab51ba110.doc
- Size
  
  133KB
- MD5
  
  80eea5dedbcecabb640887735f72a6ae
- SHA1
  
  525abf5e90fe911e48b9a875252d794e1d5cc35c
- SHA256
  
  2c4b0f8d4c1eaa6adbac77b21a05ff32242cab116fc252c21c67fc0ab51ba110
- SHA512
  
  9991c08fd04ee17a9d2089dfaf4b5b082b02f3c08e0e6b34b4ef7972f0244d0db5f95cd1ab9dc30b26627c29bc5177b38e6e43d9c3bd145aa3e8fd6df08cf1de
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1