Description
Emotet is a trojan that is primarily spread through spam emails.
Sample | 8a7c7754_OUZnG00tUJ |
Size | 176KB |
ID | 210913-kwg75agdgp |
MD5 | 8a7c7754300dab0670eaf86357a5463d |
SHA1 | 6feb3edf05a2170772cdaef20d76b7e8e07c7b81 |
SHA256 | e9325a711e0f6f605b85898c5b507d4320e1f1dc672c68172b06cda359b5107e |
SHA512 | 3075f82c4530f5b9681c5b4979faf04fee0f82af288556c97b3e534abdac8290937af2f6e915f49625f9c0b4f6375b565eb9ef8aacb548ea0a29068ecad51eb2 |
Language | ps1 |
Source | |
URLs |
exe.dropper https://santyago.org/wp-content/0mcYS6/
exe.dropper http://dandyair.com/font-awesome/rOOAL/
exe.dropper https://www.tekadbatam.com/wp-content/AUiw/
exe.dropper http://kellymorganscience.com/wp-content/SCsWM/
exe.dropper https://tewoerd.eu/img/DALSKE/
exe.dropper http://mediainmedia.com/plugin_opencart2.3-master/Atye/
exe.dropper http://nuwagi.com/old/XLGjc/
Family | emotet |
Botnet | Epoch2 |
C2 |
71.72.196.159:80
134.209.36.254:8080
120.138.30.150:8080
94.23.216.33:80
157.245.99.39:8080
137.59.187.107:8080
94.23.237.171:443
61.19.246.238:443
156.155.166.221:80
50.35.17.13:80
153.137.36.142:80
91.211.88.52:7080
209.141.54.221:8080
185.94.252.104:443
174.45.13.118:80
87.106.136.232:8080
62.75.141.82:80
213.196.135.145:80
188.219.31.12:80
82.80.155.43:80
187.161.206.24:80
172.91.208.86:80
124.41.215.226:80
107.5.122.110:80
200.123.150.89:443
95.179.229.244:8080
83.169.36.251:8080
1.221.254.82:80
95.213.236.64:8080
181.169.34.190:80
47.144.21.12:443
203.153.216.189:7080
89.216.122.92:80
84.39.182.7:80
94.200.114.161:80
104.236.246.93:8080
139.99.158.11:443
176.111.60.55:8080
78.24.219.147:8080
220.245.198.194:80
62.30.7.67:443
139.162.108.71:8080
104.32.141.43:80
153.232.188.106:80
93.147.212.206:80
79.137.83.50:443
96.249.236.156:443
24.43.99.75:80
75.80.124.4:80
42.200.107.142:80
rsa_pubkey.plain | |
This typically indicates the parent process was compromised via an exploit or macro.
Detects Emotet payload in memory.