Win32/Emotet - Banking trojan

sysopfb
Posts: 97
Joined: Thu Oct 23, 2014 1:22 am

Re: Win32/Emotet - Banking trojan

Post by sysopfb » Thu Nov 16, 2017 1:09 am

Magical builtin hijack.

Attached is a sample from 19sep with the anti layer in the crypter they are referring to.

ikolor
Posts: 319
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Thu Nov 16, 2017 3:19 pm


Antelox
Posts: 251
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Thu Nov 16, 2017 3:41 pm

This is Geodo/Emotet doc downloader.

It downloads this: https://www.virustotal.com/en/file/0775 ... /analysis/

BR,

Antelox

ikolor
Posts: 319
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Tue Nov 28, 2017 7:28 pm


Antelox
Posts: 251
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Wed Nov 29, 2017 8:03 am

Geodo/Emotet doc downloader.

Downloads this: https://www.virustotal.com/en/file/b4e2 ... /analysis/

BR,

Antelox

ikolor
Posts: 319
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Wed Feb 21, 2018 10:06 am


Antelox
Posts: 251
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Wed Feb 21, 2018 10:33 am

Geodo/Emotet doc downloader.

BR,

Antelox

ikolor
Posts: 319
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Wed Feb 21, 2018 4:41 pm


Antelox
Posts: 251
Joined: Sun Mar 21, 2010 10:38 pm

Re: Malware collection

Post by Antelox » Thu Feb 22, 2018 8:13 am

Geodo/Emotet doc downloader.
Downloads this: https://www.virustotal.com/en/file/a267 ... /analysis/

BR,

Antelox

tomatto007
Posts: 24
Joined: Fri Mar 19, 2010 8:16 pm

Re: Malware collection

Post by tomatto007 » Fri Feb 23, 2018 6:06 am

Antelox wrote:
Geodo/Emotet doc downloader.
Downloads this: https://www.virustotal.com/en/file/a267 ... /analysis/

BR,

Antelox
FILES ADDED:
%LOCAL APPDATA%\MICROSOFT\WINDOWS\ISONET.EXE

VALUES ADDED:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ISONET: "%LOCAL APPDATA%\MICROSOFT\WINDOWS\ISONET.EXE"
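A defender-side check for the persistence pattern reported in the sandbox output above, added here as an example and not code from the thread: it parses HKCU Run value data, expands environment variables, and flags entries whose executable sits under %LOCALAPPDATA%\Microsoft\Windows, where legitimate software does not normally install binaries. The Run entries and environment are constructed sample data; on a real host they would come from winreg and os.environ.

```python
import ntpath
import re

# Constructed HKCU\Software\Microsoft\Windows\CurrentVersion\Run entries
# (value name -> value data), modelled on the isonet.exe indicator above.
SAMPLE_RUN_ENTRIES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "isonet": r"%LOCALAPPDATA%\Microsoft\Windows\isonet.exe",
    "SecurityHealth": r"%ProgramFiles%\Windows Defender\MSASCuiL.exe",
}

# Constructed environment; on a real host use os.environ instead.
SAMPLE_ENV = {
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "ProgramFiles": r"C:\Program Files",
}


def expand_env(value, env):
    """Expand %VAR% references case-insensitively, as the Windows shell does."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), value)


def extract_image_path(command):
    """Return the executable path from Run value data (quoted or bare, arguments stripped)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Bare path: keep everything up to the first .exe token, drop any arguments after it
    m = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def flag_suspicious_run_entries(entries, env):
    """Flag Run values whose image lives in a user-writable profile directory
    dressed up as a Microsoft\\Windows folder. Returns (value name, normalised path)."""
    flagged = []
    for name, data in entries.items():
        image = ntpath.normpath(expand_env(extract_image_path(data), env)).lower()
        for var in ("LOCALAPPDATA", "APPDATA"):
            root = ntpath.normpath(env[var]).lower()
            if image.startswith(root + "\\microsoft\\windows\\"):
                flagged.append((name, image))
    return flagged
```

OneDrive is deliberately left unflagged: it also runs from the user profile, but from its own vendor folder, so the check keys on the masquerading subfolder rather than on the profile directory alone.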
