ioc[.]one - OSINT Cyber Threat Intelligence Database

Emotet droppers – Max Kersten

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 Sudo - T1169

Show in Graph

Common Information

Type	Value
UUID	8d571af7-5bee-45d6-801b-14381761a37d
Fingerprint	a81939133abd338a
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 19, 2022, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 14, 2024, 6:59 p.m.
Headline	Emotet droppers
Title	Emotet droppers – Max Kersten
Detected Hints/Tags/Attributes	50/2/21

Source URLs

	Redirection	Url
Details	Source	https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/

URL Provider

Details	Provider	Source level domain
Details	maxkersten.nl	maxkersten.nl

Attributes

Details	Type	#Events	Value
Details	Domain	1	ohw7olntg.de
Details	Domain	1	sys6236.9355943074tem.net
Details	Domain	372	wscript.shell
Details	Domain	339	system.net
Details	Domain	1	h2jabj3e.next
Details	Domain	1	randomgenerator.next
Details	Domain	1	adsuide.club
Details	File	1	factura_os-0689.doc
Details	File	1	9355943074ty.exe
Details	File	2	c:\windows\temp\putty.exe
Details	File	1	stage4.php
Details	File	1	'imdbapcvgub.exe
Details	File	1	statistics.inc
Details	File	1	stage5.exe
Details	md5	1	52b94921d9e57a2009fb0c562aab25bc
Details	sha1	1	32bcf8bbf7a5a3e88f4025179f4be9445b8e7ec8
Details	sha1	1	8def78060ee806dcf94e65eb9b2fdf4ca1adb2de
Details	sha256	1	59c3bb00017dd3bb1abd4d42d9a50df24fcd320bacf5335d1c030b772dc796c5
Details	sha256	1	82fa35d4f8552c453b7ae2603738478cc22a266e687e481d02473ace810c7e1a
Details	Url	1	http://pro-course.ru/7wn7n1n,http://tapchisuckhoengaynay.com/wp-admin/attachments/fjhztkis,http://de.thevoucherstop.com/txjjrtzj,http://3kiloafvallen.nl/wwfuzp3g,http://uckelecorp.com/qntvlmnmt\".split
Details	Url	1	http://adsuide.club/y77qtkhv