2018-06-26 - QUICK POST: EMOTET INFECTION WITH ICEDID

ASSOCIATED FILES:

NOTES:

  • LAN segment:  172.16.5.0/24
  • Gateway:  172.16.5.1
  • Broadcast address:  172.16.5.255
  • Domain controller IP address:  172.16.5.9
  • Domain controller host name:  RAPTOR-NAV-DC
  • Domain name:  raptor-nav.com
  • Windows client IP address:  172.16.5.195
  • Windows client host name:  Snow-Patrol-PC
  • Windows client user account name:  raymundo.snow

Shown above: One of the emails in raw plain text (.eml format).

Shown above: Example of a Word document from link in the malspam.

Shown above: Traffic from the infection filtered in Wireshark.

Shown above: Malware persistent on the infected Windows host.
