emotet

General

Target

4b3526d436b61ea105e5200c575036f5e105a00e3c941f5e2d40efb75ed41810.doc
Size

132KB
Sample

200129-cn3cfq8a16
MD5

4fc72cb63aeeb51c01f7d5cbb108cf44
SHA1

b59a692b68e7e16609e9132753e6aa5bd179b415
SHA256

4b3526d436b61ea105e5200c575036f5e105a00e3c941f5e2d40efb75ed41810
SHA512

84e2b464dd8cf2ecf5096edac95c7fe66b4fdba919335d1b7eea015885bba50daef933c59efdbf696cffb5a9b6b0f0416dd1bb6c2f4667390781830fc3328e56

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://www.ballfeverls.com/wp-includes/ludq630466/

exe.dropper

https://pediastudios.com/kjumlx/iZvP1075153/

exe.dropper

https://tuwanjiang.com/gjwpag/m3FcKU2/

exe.dropper

https://bhutanwelfaretraders.bt/cgi-bin/7nrI/

exe.dropper

http://125.99.60.171/cssi_api/1NswnK/

Extracted

Family

emotet

Botnet

Epoch1

C2

70.184.112.55:80

5.34.158.102:80

144.139.91.187:80

104.236.161.64:8080

89.19.20.202:443

12.162.84.2:8080

74.50.51.115:7080

172.104.169.32:8080

177.188.121.26:443

89.32.150.160:8080

177.103.159.44:80

87.106.46.107:8080

188.135.15.49:80

31.16.195.72:80

119.59.124.163:8080

113.190.254.245:80

77.55.211.77:8080

187.54.225.76:80

200.45.187.90:80

5.196.35.138:7080

rsa_pubkey.plain

Targets

- Target
  
  4b3526d436b61ea105e5200c575036f5e105a00e3c941f5e2d40efb75ed41810.doc
- Size
  
  132KB
- MD5
  
  4fc72cb63aeeb51c01f7d5cbb108cf44
- SHA1
  
  b59a692b68e7e16609e9132753e6aa5bd179b415
- SHA256
  
  4b3526d436b61ea105e5200c575036f5e105a00e3c941f5e2d40efb75ed41810
- SHA512
  
  84e2b464dd8cf2ecf5096edac95c7fe66b4fdba919335d1b7eea015885bba50daef933c59efdbf696cffb5a9b6b0f0416dd1bb6c2f4667390781830fc3328e56
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1