Emotet Returns, Adopts Binary Padding for Evasion
------------------------------------------------------------------------------------------------------------------
Indicators of Compromise
------------------------------------------------------------------------------------------------------------------
Indicator Value Detection name