A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32714  by Fedor22
 Fri Mar 22, 2019 4:04 pm
ikolor wrote: Thu Mar 21, 2019 7:59 pm next

https://www.virustotal.com/en/file/cd15 ... 553198197/
Emotet downloader.
Downloads exe from:
hxxp://siamnatural.com/tmp/EmC/
Connects to CnC servers:
hxxp://185.94.252.3:443/bml/tlb/ringin/
hxxp://185.94.252.3:443/ringin/arizona/ringin/merge/
hxxp://5.196.133.206:443/whoami.php