emotet

General

Target

b11552555d3671f3b68f20d7c741b2c779473a8186714101dd09198621f5870c.doc
Size

132KB
Sample

200125-fmjr9zb4ax
MD5

87def68e8f31e71ef158762fdabe7441
SHA1

ec110b7acf8d33682a47d6d6509312d6cf2e47b2
SHA256

b11552555d3671f3b68f20d7c741b2c779473a8186714101dd09198621f5870c
SHA512

db74d2e5d72ff6c2b12a1573d751d263da4087c75d8a97ef6a951ffd925381e7b846ff47deff9d1740b7ba4701febdc7fd03b0f09b6ddc94308c11da3e774127

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://jfedemo.dubondinfotech.com/update/Pyk083185/

exe.dropper

http://tourntreksolutions.com/wp/Ep705353/

exe.dropper

http://www.norcalit.in/norcalit/LnRrJLHdLX/

exe.dropper

https://bncc.ac.th/wp/wp-admin/UPoKJl/

exe.dropper

http://www.blue-port.jp/x7d/EQqT4756/

Extracted

Family

emotet

Botnet

Epoch1

C2

186.138.186.74:443

190.24.243.186:80

68.174.15.223:80

68.183.170.114:8080

45.79.95.107:443

192.241.143.52:8080

159.65.241.220:8080

142.93.114.137:8080

70.123.95.180:80

62.75.143.100:7080

91.242.136.103:80

109.169.86.13:8080

202.62.39.111:80

181.231.220.232:80

188.216.24.204:80

86.42.166.147:80

186.15.83.52:8080

178.79.163.131:8080

114.109.179.60:80

110.170.65.146:80

rsa_pubkey.plain

Targets

- Target
  
  b11552555d3671f3b68f20d7c741b2c779473a8186714101dd09198621f5870c.doc
- Size
  
  132KB
- MD5
  
  87def68e8f31e71ef158762fdabe7441
- SHA1
  
  ec110b7acf8d33682a47d6d6509312d6cf2e47b2
- SHA256
  
  b11552555d3671f3b68f20d7c741b2c779473a8186714101dd09198621f5870c
- SHA512
  
  db74d2e5d72ff6c2b12a1573d751d263da4087c75d8a97ef6a951ffd925381e7b846ff47deff9d1740b7ba4701febdc7fd03b0f09b6ddc94308c11da3e774127
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1