emotet

General

Target

9ab92e41150dd1c132be3b79097a4b4fff2a151a9a5d77bd3e0aaeb41a5b862b.doc
Size

132KB
Sample

200129-s31j4whpy6
MD5

63ec88fedc2db0a376247c529d9e306d
SHA1

cf16a026b9c6474432ade6ca47c52fa101656413
SHA256

9ab92e41150dd1c132be3b79097a4b4fff2a151a9a5d77bd3e0aaeb41a5b862b
SHA512

71c169796b32fbc7f3e242d6bad4339947f48eefb253d083fc9bf84d067ddf22df554be4a4419161079cc4ff8db02b7ed35f83a99269589292c358399707bf24

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://bestcondodeals.net/wp-content/mYdUiWX/

exe.dropper

http://bpbd.tabalongkab.go.id/cgi-bin/IBEHVS/

exe.dropper

http://cajasparabotella.com/onptlekdj24sf/YtgArZrn/

exe.dropper

http://boardgamesofold.com/wp-admin/a9illa9n-xzmtn3d4q5-1767396/

exe.dropper

http://ashishswarup.in/wp-includes/xovzx5w-4avccc6-572705647/

Extracted

Family

emotet

Botnet

Epoch3

C2

186.10.98.177:80

154.70.158.97:80

95.66.182.136:80

68.183.18.169:8080

178.62.75.204:8080

178.33.167.120:8080

144.76.56.36:8080

61.204.119.188:443

163.172.107.70:8080

156.155.163.232:80

91.117.31.181:80

153.183.25.24:80

110.2.118.164:80

195.250.143.182:80

162.154.175.215:80

50.116.78.109:8080

72.176.87.136:80

184.162.115.11:443

37.70.131.107:80

181.39.96.86:443

rsa_pubkey.plain

Targets

- Target
  
  9ab92e41150dd1c132be3b79097a4b4fff2a151a9a5d77bd3e0aaeb41a5b862b.doc
- Size
  
  132KB
- MD5
  
  63ec88fedc2db0a376247c529d9e306d
- SHA1
  
  cf16a026b9c6474432ade6ca47c52fa101656413
- SHA256
  
  9ab92e41150dd1c132be3b79097a4b4fff2a151a9a5d77bd3e0aaeb41a5b862b
- SHA512
  
  71c169796b32fbc7f3e242d6bad4339947f48eefb253d083fc9bf84d067ddf22df554be4a4419161079cc4ff8db02b7ed35f83a99269589292c358399707bf24
Score

10^/10

trojan banker emotet
- Emotet
  Emotet is a trojan that is primarily spread through spam emails
  trojan banker emotet
- Process spawned unexpected child process
- Executes dropped EXE
- Drops file in System32 directory
task1