emotet

General

Target

0854d5a8ba17e65aef32385c9680d29b0bf5f82a486b44ffb80fda5c8fc8fb77.doc
Size

133KB
Sample

200125-xy6855e7gj
MD5

b38c2f1e0ccdd332595941cdfded77be
SHA1

9820f8ca7bba5b97f11da34e52fe0cd82199fe7c
SHA256

0854d5a8ba17e65aef32385c9680d29b0bf5f82a486b44ffb80fda5c8fc8fb77
SHA512

c652c54e51541f5198f23b63b3fe14e4a3bf515a22dcf469f0c9eca29b989f7c8a45d6f048849e09c10b097a9b49fc14a217efe63f1fffcfc0c0bd39f74d98ae

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://clocktowercommunications.com/wp-admin/sre9o6j/

exe.dropper

http://film.dmndr.com/calendar/5g721n/

exe.dropper

http://fytfashion.com/elp/fveUMMjD/

exe.dropper

https://testremix.com/wp-content/SqSAvU1x/

exe.dropper

https://www.solelyfurniture.com/wp-includes/20/

Extracted

Family

emotet

Botnet

Epoch2

C2

70.180.35.211:80

74.108.124.180:80

85.105.205.77:8080

23.92.16.164:8080

45.55.65.123:8080

217.160.19.232:8080

176.9.43.37:8080

59.103.164.174:80

70.184.9.39:8080

202.175.121.202:8090

62.75.187.192:8080

217.160.182.191:8080

201.184.105.242:443

78.142.114.69:80

159.65.25.128:8080

104.236.246.93:8080

152.168.248.128:443

24.105.202.216:443

121.88.5.176:443

92.222.216.44:8080

rsa_pubkey.plain

Targets

- Target
  
  0854d5a8ba17e65aef32385c9680d29b0bf5f82a486b44ffb80fda5c8fc8fb77.doc
- Size
  
  133KB
- MD5
  
  b38c2f1e0ccdd332595941cdfded77be
- SHA1
  
  9820f8ca7bba5b97f11da34e52fe0cd82199fe7c
- SHA256
  
  0854d5a8ba17e65aef32385c9680d29b0bf5f82a486b44ffb80fda5c8fc8fb77
- SHA512
  
  c652c54e51541f5198f23b63b3fe14e4a3bf515a22dcf469f0c9eca29b989f7c8a45d6f048849e09c10b097a9b49fc14a217efe63f1fffcfc0c0bd39f74d98ae
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1