Reverse engineering Emotet – Our approach to protect GRNET against the trojan
Common Information
Type Value
UUID 2b5761b3-e686-4445-9db6-026bdcff36a2
Fingerprint 2c80993364af1e09
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 8, 2021, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Reverse engineering Emotet – Our approach to protect GRNET against the trojan
Title Reverse engineering Emotet – Our approach to protect GRNET against the trojan
Detected Hints/Tags/Attributes 110/3/44
Attributes