2020-09-30 - EMOTET INFECTION WITH TRICKBOT

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2020-09-30-Emotet-with-Trickbot-IOCs.txt.zip   2.1 kB   (2,103 bytes)

• 2020-09-30-Emotet-with-Trickbot-IOCs.txt   (4,535 bytes)

• 2020-09-30-Emotet-infection-with-Trickbot.pcap.zip   4.2 MB   (4,165,556 bytes)

• 2020-09-30-Emotet-infection-with-Trickbot.pcap   (4,831,528 bytes)

• 2020-09-30-Emotet-with-Trickbot-malware-and-artifacts.zip   550.3 kB   (550,268 bytes)

• 2020-09-30-Emotet-EXE.bin   (286,720 bytes)
• 2020-09-30-Registry-Update-for-Emotet.txt   (614 bytes)
• 2020-09-30-Trickbot-EXE.bin   (516,096 bytes)
• 2020-09-30-Word-doc-with-macro-for-Emotet.bin   (148,920 bytes)
• 2020-09-30-scheduled-task-for-Trickbot.txt   (3,504 bytes)

 

IMAGES

Shown above:  Traffic from an infection filtered in Wireshark.

 

Shown above:  Emotet EXE on the infected host.

 

Shown above:  Trickbot EXE on the infected host.

 

Click here to return to the main page.