Emotet Returns, Adopts Binary Padding for Evasion

Indicators of Compromise
------------------------------------------------------------------------------------------------------------------

Indicator     Value                                                              Detection name
------------------------------------------------------------------------------------------------------------------
File SHA256   221608d1df1262559e6416acb37d114b0e6c4308e30fcde50b979548f64d709f   TrojanSpy.Win64.EMOTET.SMA
File SHA256   2112b5695e7bbe910a6efbab32332027a7fd6384f54c55c6e61a26812ad47e6d   TrojanSpy.Win64.EMOTET.SMA
File SHA256   e34f283e6c42994ac9075cde8a341480f9d0a8f85097f8de3b6b4a959bf8c2c9   TrojanSpy.Win64.EMOTET.SMA
File SHA256   9b3119b6183eea08a6934736766f611e44ca00c0ae06aa890cbbbc57b83e6819   TrojanSpy.Win64.EMOTET.SMA
File SHA256   17278c375e4191ab84b5fff5d15a587f8d0b4a47111d0d9fa077fc6ec0e3d6fb   TrojanSpy.Win64.EMOTET.SMA
File SHA256   1aa186d60ccf50a91cbbecaa8a97d64e33f5bc7f995685566153dfdbc4524825   TrojanSpy.Win64.EMOTET.SMA
File SHA256   d2d6f45a9f94e6531d6cd379637243b65a7ea4ad2fa76e4357b0ecff24066141   TrojanSpy.Win64.EMOTET.SMA
File SHA256   1123590c74f22e24e047fb79c74bf61a4d2d52326805d046dd668c4c50b1318e   TrojanSpy.Win64.EMOTET.SMA
File SHA256   224c824cb2c3021ce627024afec4dcdc7eba94abce6704ed4a4f1681767a904c   TrojanSpy.Win64.EMOTET.SMA
File SHA256   6f9f0b51aaa11810ded4080d39bed24ff7649bc3fccc587ced5e9398951e27e0   TrojanSpy.Win64.EMOTET.SMA
File SHA256   064d6af066c9ffe0b45cd09f7424a4865c6ec839f7786ead27f40bd0ca21a15b   TrojanSpy.Win64.EMOTET.SMA
File SHA256   534a5e2bdfdba8041ca3f218b35d35c6f70fef6db7e1b97e9f598a44706f2960   TrojanSpy.Win64.EMOTET.SMA
File SHA256   5400be12ec93d6936c2393bce3a285865e0b5f9280f2c0ce80b1827d07e84620   TrojanSpy.Win64.EMOTET.SMA
File SHA256   9a358c9a72d4c083975ad07939cc61be864d87dc31370be86ad25cfc38f6b5e4   TrojanSpy.Win64.EMOTET.SMA
File SHA256   db732daf92ed02271c901c3fbf63cd065babe89d78e666952f1ef8b6cc6be7a9   TrojanSpy.Win64.EMOTET.SMA
File SHA256   9b85d53c592fa72cc4b83d2b1c7fc6b161f02131d82a5a9df5cc9196add8b5d8   TrojanSpy.Win64.EMOTET.SMA
File SHA256   50cf8c54a661864adc325101562012858204c266bd750df2111c1b360295f0b0   TrojanSpy.Win64.EMOTET.SMA
File SHA256   6f2c660d0241bd16353897f2f5053d7881d725cb11c80d4e3219d9a11a93d913   TrojanSpy.Win64.EMOTET.SMA
File SHA256   219b8b680cdb109192f256e6fea049b683ee5b8128821c962ea18dc8261999a2   TrojanSpy.Win64.EMOTET.SMA
File SHA256   6780fdcbeae81f470907367bb0d08a29738d0744344e31b3f125c3bbf139e872   TrojanSpy.Win64.EMOTET.SMA
File SHA256   839c0561c751c954c89eee7648790dba26457a5c450ef895738068c43cc09565   TrojanSpy.Win64.EMOTET.SMA
File SHA256   32c4a024eb1d2e6663eebf5881a6ae1b4e8e8c40cf44083c21a5b8ca52dbe865   TrojanSpy.Win64.EMOTET.SMA
File SHA256   aac6d4928496db46eb70c7a9e5a0c27569b45df06e13203d9ed65cc2ba66acb8   TrojanSpy.Win64.EMOTET.SMA
File SHA256   3a5364f5c47a3082d2e5b9a1f9ff2b30bf1455e5a51e022f5a3a0253f74abfe5   TrojanSpy.Win64.EMOTET.SMA
File SHA256   c6c30499dc0f62b933373f1bbe7484a94acd265a5d8a42298f970a82b4c883cd   TrojanSpy.Win64.EMOTET.SMA
File SHA256   4c6682442c09628d31b0628976be2229243a444c333fa2f21587a09eecb66ff7   TrojanSpy.Win64.EMOTET.SMA
File SHA256   f69f5abe3956b2dcb02592209f941d8bbd65630866da650e45d5d9c683d1e981   TrojanSpy.Win64.EMOTET.SMA
File SHA256   fbe4c084d44a1b42840ece71b97198bae8ac059311c382c4d8005e6c69e027f6   TrojanSpy.Win64.EMOTET.SMA
File SHA256   38136a459b33a78c7e23691c880cb25ad463f5d615cf85cb8ceecda4e7f9ebc4   TrojanSpy.Win64.EMOTET.SMA
File SHA256   672a1e5a8a0d30687d3510672086e9ca7a29deff46b8a63dd7b7ba6149a01b42   TrojanSpy.Win64.EMOTET.SMA
------------------------------------------------------------------------------------------------------------------

Indicator     Value
------------------------------------------------------------------------------------------------------------------
URL           hxxps[://]diasgallery[.]com/about/r/
URL           hxxps[://]www[.]snaptikt[.]com/wp-includes/am4cz6wp2k4sfq/
URL           hxxp[://]139[.]219[.]4[.]166/wp-includes/xxrrajtiutdhn7n13/
URL           hxxps[://]esentai-gourmet[.]kz/404/edt0f/
URL           hxxp[://]www[.]189dom[.]com/xue80/c0ajr5tfi5pvi8m/
URL           hxxp[://]mtp[.]evotek[.]vn/wp-content/l/
URL           hxxps[://]midcoastsupplies[.]com[.]au/confignqs/es2oe4geh7fbz/
------------------------------------------------------------------------------------------------------------------

Indicator     Value
------------------------------------------------------------------------------------------------------------------
IP Address    153[.]92[.]5[.]27
IP Address    202[.]129[.]205[.]3
IP Address    115[.]68[.]227[.]76
IP Address    139[.]59[.]126[.]41
IP Address    91[.]207[.]28[.]33
IP Address    103[.]43[.]75[.]120
IP Address    5[.]135[.]159[.]50
IP Address    163[.]44[.]196[.]120
IP Address    82[.]223[.]21[.]224