2018-06-22 - QUICK POST: EMOTET WITH TRICKBOT AND EMOTET WITH ZEUS PANDA BANKER

ASSOCIATED FILES:

  • 2018-06-21-and-2018-06-22-Emotet-malspam-60-examples.txt   (1,423,542 bytes)
  • 2018-06-22-1st-run-Emotet-pushes-Trickbot.pcap   (8,592,843 bytes)
  • 2018-06-22-2nd-run-Emotet-pushes-Zeus-Panda-Banker.pcap   (1,999,915 bytes)
  • 2018-06-22-1st-run-downloaded-Word-doc-with-macro-for-Emotet.doc   (219,904 bytes)
  • 2018-06-22-1st-run-Emotet-malware-binary.exe   (193,536 bytes)
  • 2018-06-22-1st-run-Trickbot-gtag-del14.exe   (417,792 bytes)
  • 2018-06-22-2nd-run-downloaded-Word-doc-with-macro-for-Emotet.doc   (193,280 bytes)
  • 2018-06-22-2nd-run-Emotet-malware-binary.exe   (193,024 bytes)
  • 2018-06-22-2nd-run-Zeus-Panda-Banker.exe   (222,208 bytes)

 

NOTES:

  • 1st run: malspam link --> Word doc --> macro --> Emotet --> Trickbot
  • 2nd run: malspam link --> Word doc --> macro --> Emotet --> Zeus Panda Banker

     


    Shown above:  Traffic from the 1st Emotet infection filtered in Wireshark.

     


    Shown above:  Traffic from the 2nd Emotet infection filtered in Wireshark.

     

    Click here to return to the main page.