emotet

General

Target

304ba010ff550b5b17f73a8fb4fc9f767506cfbf7968703a73f2282ceeeeacda.doc
Size

135KB
Sample

200125-6jfdcptq5n
MD5

48e976f520148fe42f1f72b67a5ec427
SHA1

6832e46e7bafce3fdf1de19efd2b617ce10d828e
SHA256

304ba010ff550b5b17f73a8fb4fc9f767506cfbf7968703a73f2282ceeeeacda
SHA512

faea8c03675e68acd7f37cb574f08e17d010ade115228c92481c53549a0c80daeba9e8eba4befe6de7ba52986e0190cc480254f6dd8bb00ec3307efd3476183c

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://www.yuzemin.com/wp-admin/2dWf/

exe.dropper

https://lmheritage.com/wp-content/6Vh5hy7QE7/

exe.dropper

http://www.videract.com/pnllsek25ksj/Fnw81309/

exe.dropper

http://www.theophile-ministere.com/cgi-bin/vLG0JG7N/

exe.dropper

https://icm.company/cgi-bin/c142/

Extracted

Family

emotet

Botnet

Epoch1

C2

186.138.186.74:443

190.24.243.186:80

68.174.15.223:80

68.183.170.114:8080

45.79.95.107:443

192.241.143.52:8080

159.65.241.220:8080

142.93.114.137:8080

70.123.95.180:80

62.75.143.100:7080

91.242.136.103:80

109.169.86.13:8080

202.62.39.111:80

181.231.220.232:80

188.216.24.204:80

86.42.166.147:80

186.15.83.52:8080

178.79.163.131:8080

114.109.179.60:80

110.170.65.146:80

rsa_pubkey.plain

Targets

- Target
  
  304ba010ff550b5b17f73a8fb4fc9f767506cfbf7968703a73f2282ceeeeacda.doc
- Size
  
  135KB
- MD5
  
  48e976f520148fe42f1f72b67a5ec427
- SHA1
  
  6832e46e7bafce3fdf1de19efd2b617ce10d828e
- SHA256
  
  304ba010ff550b5b17f73a8fb4fc9f767506cfbf7968703a73f2282ceeeeacda
- SHA512
  
  faea8c03675e68acd7f37cb574f08e17d010ade115228c92481c53549a0c80daeba9e8eba4befe6de7ba52986e0190cc480254f6dd8bb00ec3307efd3476183c
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
task1