Win32/Emotet - Banking trojan

Forum for analysis and discussion about malware.
EP_X0FF
Global Moderator
Posts: 4903
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Fri Apr 10, 2015 3:57 am

Ring0 - the source of inspiration
ikolor
Posts: 331
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Tue May 02, 2017 6:42 pm

ikolor
Posts: 331
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Wed May 03, 2017 9:23 am

Antelox
Posts: 274
Joined: Sun Mar 21, 2010 10:38 pm

Wed May 03, 2017 9:47 am

Geodo doc downloader which downloads this: https://www.virustotal.com/en/file/eec3 ... 493803270/
The first one is Geodo doc downloader which downloads this: https://www.virustotal.com/en/file/7c17 ... 493754433/

The second one doesn't look malicious to me...

BR,

Antelox
ikolor
Posts: 331
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Wed Jul 26, 2017 8:29 am

Antelox
Posts: 274
Joined: Sun Mar 21, 2010 10:38 pm

Wed Jul 26, 2017 9:27 am

Geodo/Emotet doc downloader

https://www.hybrid-analysis.com/sample/ ... mentId=100

The Geodo binary:

https://www.virustotal.com/en/file/a79d ... /analysis/
https://www.hybrid-analysis.com/sample/ ... mentId=100

FYI in the HA report, you can find some download URLs, both for the doc and the binary.

BR,

Antelox
ikolor
Posts: 331
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Wed Jul 26, 2017 7:04 pm

Antelox
Posts: 274
Joined: Sun Mar 21, 2010 10:38 pm

Thu Jul 27, 2017 8:03 am

First sample is Geodo Loader, the second one looks like an encrypted data file.

BR,

Antelox
ikolor
Posts: 331
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Thu Jul 27, 2017 8:31 am

I know, but what is inside? If you decipher it.
Antelox
Posts: 274
Joined: Sun Mar 21, 2010 10:38 pm

Thu Jul 27, 2017 8:53 am

ikolor wrote: I know, but what is inside? If you decipher it.

I don't know the source, nor the key to decrypt it...

BR,

Antelox