malware_traffic

2021-01-12 (Tuesday) Malware from Emotet epoch 3 infection with Trickbot gtag mor12

Jan 12th, 2021

- SHA256 hash: d8afc7a9a1a31aa1ac578dd94b1a547dab0db01e5770779ba7fff7079516e0d8
- File size: 61,609 bytes
- File name: Agenda-79844.zip
- File description: Password-protected ZIP archive, password: 28ivw

- SHA256 hash: ace4a5bc0575d917c7d59092089a82be55031d8a4c4e7a82d2cbf094406dc02d
- File size: 106,027 bytes
- File name: Agenda-57014.doc
- File description: Word doc for Emotet (epoch 3) extracted from above ZIP archive

- SHA256 hash: 094eed8f5b6dc90377590b0dab964b0084c9a8244bd2bad0ae927e05574aefec
- File size: 344,920 bytes
- File location: hxxp://angel2gether[.]de/BlutEngel/SpeechEngines/
- File location: C:\Users\[username]\Lml3xbn\U6hwgln\[something, the file was deleted]
- File location: C:\Users\[username]\AppData\Local\Eiohax\zhyla.htn
- File description: DLL file for Emotet (epoch 3)
- Run method: rundll32.exe [filename],ShowDialogA

- SHA256 hash: e040cad9eb0815e34d1133d52e15d5a254fabbff250972329303d0cc1da15c35
- File size: 499,712 bytes
- File location: C:\Users\[username]\AppData\Local\Eiohax\kwcqgsatnmwpys.exe
- File location: C:\Users\[username]\AppData\Roaming\Trackless331313539\kwcqgsatnmwpys.exe
- File description: Follow-up malware, Trickbot gtag mor12
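The list above is most useful once it is machine-readable. The script below is an added example, not part of the original paste: it parses the indicators in the paste's own "- Key: value" format, refangs the hxxp / [.] URL, turns the [username] and [filename] placeholders into wildcards, and checks a few constructed Sysmon-style events against them. The event field names (Image, CommandLine, Hashes, Url) are an assumption modeled on Sysmon process-creation and proxy records, the events themselves are constructed for the example, and the file-size lines are omitted from the embedded copy of the indicators.

```python
import re
from dataclasses import dataclass, field

# Indicators copied from the paste above (file-size lines omitted).
IOC_TEXT = r"""- SHA256 hash: d8afc7a9a1a31aa1ac578dd94b1a547dab0db01e5770779ba7fff7079516e0d8
- File name: Agenda-79844.zip
- File description: Password-protected ZIP archive, password: 28ivw

- SHA256 hash: ace4a5bc0575d917c7d59092089a82be55031d8a4c4e7a82d2cbf094406dc02d
- File name: Agenda-57014.doc
- File description: Word doc for Emotet (epoch 3) extracted from above ZIP archive

- SHA256 hash: 094eed8f5b6dc90377590b0dab964b0084c9a8244bd2bad0ae927e05574aefec
- File location: hxxp://angel2gether[.]de/BlutEngel/SpeechEngines/
- File location: C:\Users\[username]\Lml3xbn\U6hwgln\[something, the file was deleted]
- File location: C:\Users\[username]\AppData\Local\Eiohax\zhyla.htn
- File description: DLL file for Emotet (epoch 3)
- Run method: rundll32.exe [filename],ShowDialogA

- SHA256 hash: e040cad9eb0815e34d1133d52e15d5a254fabbff250972329303d0cc1da15c35
- File location: C:\Users\[username]\AppData\Local\Eiohax\kwcqgsatnmwpys.exe
- File location: C:\Users\[username]\AppData\Roaming\Trackless331313539\kwcqgsatnmwpys.exe
- File description: Follow-up malware, Trickbot gtag mor12
"""

@dataclass
class Artifact:
    sha256: str = ""
    locations: list = field(default_factory=list)
    description: str = ""
    run_method: str = ""

def parse_iocs(text):
    """Parse blank-line-separated '- Key: value' blocks into Artifact records."""
    artifacts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        art = Artifact()
        for line in block.splitlines():
            key, _, value = line.lstrip("- ").partition(": ")
            key, value = key.strip().lower(), value.strip()
            if key == "sha256 hash":
                art.sha256 = value.lower()
            elif key == "file location":
                art.locations.append(value)
            elif key == "file description":
                art.description = value
            elif key == "run method":
                art.run_method = value
        artifacts.append(art)
    return artifacts

def refang(indicator):
    """Undo the hxxp / [.] defanging used in the paste."""
    return indicator.replace("hxxp", "http").replace("[.]", ".")

def wildcard_regex(text, wildcard):
    """Escape text literally, but turn [username]-style placeholders into a wildcard."""
    parts = re.split(r"\[[^\]]*\]", text)
    return re.compile(wildcard.join(re.escape(p) for p in parts), re.IGNORECASE)

def match_event(event, artifacts):
    """Return the reasons a single event matches the indicator list (empty = no hit)."""
    hits = []
    hashes = event.get("Hashes", "").lower()
    haystack = " ".join(str(event.get(k, "")) for k in ("Image", "CommandLine", "Url"))
    for art in artifacts:
        if art.sha256 and art.sha256 in hashes:
            hits.append(f"sha256 match: {art.description}")
        for loc in art.locations:
            if loc.startswith("hxxp"):  # URL indicator: refang, then substring match
                if refang(loc).lower() in haystack.lower():
                    hits.append(f"url match: {refang(loc)}")
            elif wildcard_regex(loc, r"[^\\]+").search(haystack):  # placeholder = one path component
                hits.append(f"path match: {loc}")
        if art.run_method and wildcard_regex(art.run_method, r".+?").search(haystack):
            hits.append(f"run method match: {art.run_method}")
    return hits

# Constructed Sysmon-style events (assumed field names), not data from the paste.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\alice\AppData\Local\Eiohax\zhyla.htn,ShowDialogA"},
    {"Image": r"C:\Users\alice\AppData\Roaming\Trackless331313539\kwcqgsatnmwpys.exe",
     "Hashes": "SHA256=E040CAD9EB0815E34D1133D52E15D5A254FABBFF250972329303D0CC1DA15C35"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL hotplug.dll"},
    {"Url": "http://angel2gether.de/BlutEngel/SpeechEngines/"},
]

def hunt(events, artifacts):
    """Return {event index: [reasons]} for every event that matched at least one indicator."""
    result = {}
    for i, event in enumerate(events):
        reasons = match_event(event, artifacts)
        if reasons:
            result[i] = reasons
    return result

if __name__ == "__main__":
    for idx, reasons in hunt(SAMPLE_EVENTS, parse_iocs(IOC_TEXT)).items():
        print(f"event {idx}:", *reasons, sep="\n  ")
```

The run-method rule is the one worth keeping even after the hashes and paths go stale: a DLL launched as `rundll32.exe <path>,ShowDialogA` out of a user profile directory is the behaviour, and it survives a repack that changes every hash in the list.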