The PolySwarm Blog


Latest Emotet malware samples and IOCs

Nov 26, 2019 5:59:47 PM / by PolySwarm Tech Team

[Updated November 27, 2019]: 

Emotet is a banking Trojan first identified by security researchers in 2014. It was originally built to sneak onto computers and steal banking credentials and other sensitive, private information. Over the last several years it has evolved from that single-purpose banker into a customizable, modular package that is used to deliver additional payloads, and it has been seen targeting financial institutions, enterprises, and consumers across the globe. 

Emotet includes functionality that helps it evade detection by some anti-malware products. Its worm-like ability to spread to connected computers is part of why the Department of Homeland Security classes it as a destructive and costly malware: it affects the private sector, government, and individuals, and costs upwards of $1 million per incident to remediate.

Below are the latest IOCs, together with links to hash search results and scans in PolySwarm, a threat detection marketplace that aggregates scan results and details from a network of scanning engines: 

November 27, 2019, 6:46:57 PM CET: 

[*] Malware family: Emotet
[+] Hashes (SHA-256):
3382eaa2e1d89b479dbf8c9fed135e9c4737dd7b266383a65791615639a30183
500ee54d1e170ab45f77d24fcd62ee3b87566de8412db3adeb19ce2e8dd338cd
55f774cf58ab33bd5b05ce68ba92ca0ada477bb38e08a97ebf0873f675523d4b
562af50f521878f7ff714a6bd5a7ef9d0cf7fa279b842de23ae4f562ead14594
64ff2f6f003d984ed69987b132110485a8390d7c95d464fc9a0fc1a1222e9dda
717164534c8479c7c4b25aa7c3c6eeab8341ffe1e73deb0097d7ba5107b88973
924563adf90b3e00642e072fbd14829c13038aa3f5a7b7c45ec720a3f2396801
9bcd9e0c60ee23bd7497880169f55416ace0bdf615779be2f2b82303cf3ea974
b4cec97c477de6c0e36a7f121c9e4cadb7bed25a36a2bea7219103877a3fb06d
c2fefbc6f35f5339810d5ba572868ac578888ff7b9d96ae33e2a4e5248e3d8a8
ceeb5a549809ae7aae33ec1c65bfc62d90e5400e52bba41f896f415d5c4237bf
d4e7e428ec774d37b7420805481ea9883991b63cb667035976c810c247d3a5d1
db0cd4eb4a6af551514fe57d32e8ab27c1e3ff7ad630509b252765208b8e2084
[+] PolySwarm Permalink:
Scan permalink: https://polyswarm.network/scan/results/457fa9c9-c96f-4a90-bf25-cf30b32692fc
Scan permalink: https://polyswarm.network/scan/results/38dca6cc-3261-44e7-b5de-7638e79b5491
Scan permalink: https://polyswarm.network/scan/results/cf169740-97ef-459d-928a-04910bcdd2a2
Scan permalink: https://polyswarm.network/scan/results/0fd9b916-3250-4a03-b13b-2170f51c1504
Scan permalink: https://polyswarm.network/scan/results/5e3b97c1-16fa-43b9-8d67-2e6c83f7e04e
Scan permalink: https://polyswarm.network/scan/results/e294d855-edfd-4e88-9db3-e56f84b6f84c
Scan permalink: https://polyswarm.network/scan/results/d3fdfb78-8d7e-4da0-a020-c9679532f6e0
Scan permalink: https://polyswarm.network/scan/results/fd7c9370-9dfd-43c1-9986-95e5fb8a7916
Scan permalink: https://polyswarm.network/scan/results/b3f83c92-0458-429e-83d2-30459cd735ad
Scan permalink: https://polyswarm.network/scan/results/bf407db8-e004-461e-92aa-65b29f01a993
Scan permalink: https://polyswarm.network/scan/results/cd545f91-bd4e-4c59-b1d2-f018688f4fde
Scan permalink: https://polyswarm.network/scan/results/706c738f-e5e3-4e15-adef-7e1ff7198425
Scan permalink: https://polyswarm.network/scan/results/62ad5a80-248e-4da9-880d-032b97fb19b7
[+] Dropper URL:
hxxp://anaesthesie-blasewitz[.]de/css/TWWKjnV/
hxxp://ardalan[.]biz/wp-includes/qb085995/
hxxp://consultinghd[.]ge/dberror/wHnkIRk/
hxxp://discoveryinspectors[.]com/wiajfh56jfs/iKgWHum/
hxxp://dldreamhomes[.]com/wp-admin/bwfPhHO/
hxxp://icloudgraphics[.]com/wp-content/o1cu7628/
hxxp://old[.]bigbom[.]com/wp-snapshots/installer/3vouc050850/
hxxp://romanemperorsroute[.]org/wp-content/9WtVQhBjl/
hxxps://aghayenan[.]com/mobi/lbckjl/
hxxps://bthitechvn[.]com/wp-admin/8qkzgnynv-47ovy28o-429/
hxxps://fysinstitute[.]com/hoaw62idks/xj/
hxxps://memaryab[.]com/wp-admin/F6klm/
hxxps://memorymusk[.]com/wp-content/ORIkPOUpF/
hxxps://my-way[.]style/8mjle980/vdCYhx/
hxxp://sociallysavvyseo[.]com/PinnacleDynamicServices/l0305/
hxxps://rakoffshoreic[.]com/media/KbjdZR/
hxxps://re365[.]com/wp-content/uploads/NNxgHxTx/
hxxps://rentigo[.]peppyemails[.]com/wp-content/uploads/4maot/
hxxps://revistaunipaz[.]000webhostapp[.]com/wp-admin/ZVqCpVyec/
hxxps://www[.]cuteandroid[.]com/wp-includes/sjfd01/
hxxps://www[.]icclcricketainment[.]com/wp-content/feWeaYm5jc/
hxxps://www[.]kiddostoysclub[.]com/wp-admin/c5/
hxxps://www[.]oshodrycleaning[.]com/aspnet_client/wlyj79/
hxxps://www[.]realestatetiming[.]net/oldwordpress/DooMQA/
hxxps://www[.]sennesgroup[.]com/wp-content/d4v/
hxxps://zvirinaal[.]000webhostapp[.]com/wp-admin/ZBsawyN/
hxxp://vogler[.]me/Schuldateien/rOXRqjAx/
hxxp://www[.]test3653[.]club/wp-includes/63llx5/
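The block above is written in the usual defanged IOC form (hxxp for http, [.] for dots), so it cannot be pasted straight into a blocklist or a hunting query. The following is an added example, not PolySwarm's code or tooling: it parses this post's block layout, refangs the dropper URLs, validates the hashes, and then checks file bytes and proxy-log URLs against the result. It assumes the 64-hex-character hashes are SHA-256 digests, that a proxy log has the URL as its fourth whitespace-separated field (the log lines are constructed), and it reports a host-only match separately from an exact URL match because the paths on these compromised sites rotate.

```python
"""Parse the IOC block format used in this post, refang the defanged URLs,
and match file hashes and proxy-log URLs against the resulting set."""
import hashlib
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: a subset of the post's block (indicator values are the
# post's; the layout is the post's own). Hashes are 64 hex chars, which this
# example assumes are SHA-256 digests.
SAMPLE_BLOCK = """\
[*] Malware family: Emotet
[+] Hashes:
3382eaa2e1d89b479dbf8c9fed135e9c4737dd7b266383a65791615639a30183
500ee54d1e170ab45f77d24fcd62ee3b87566de8412db3adeb19ce2e8dd338cd
[+] PolySwarm Permalink:
Scan permalink: https://polyswarm.network/scan/results/457fa9c9-c96f-4a90-bf25-cf30b32692fc
[+] Dropper URL:
hxxp://anaesthesie-blasewitz[.]de/css/TWWKjnV/
hxxps://www[.]cuteandroid[.]com/wp-includes/sjfd01/
"""

# Constructed proxy log lines (not from the post): timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2019-11-27T15:02:11Z 10.0.0.21 GET http://anaesthesie-blasewitz.de/css/TWWKjnV/ 200
2019-11-27T15:02:45Z 10.0.0.22 GET https://www.example.com/index.html 200
2019-11-27T15:03:09Z 10.0.0.23 GET https://www.cuteandroid.com/wp-includes/other/ 404
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


@dataclass
class IOCSet:
    family: str = ""
    sha256: set = field(default_factory=set)
    permalinks: list = field(default_factory=list)
    urls: set = field(default_factory=set)   # refanged, exact URLs
    hosts: set = field(default_factory=set)  # lower-cased hostnames


def refang(url: str) -> str:
    """Undo the defanging used in the post: hxxp(s):// -> http(s)://, [.] -> ."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".")


def parse_ioc_block(text: str) -> IOCSet:
    """Walk the block line by line; '[+]' headers switch the current section."""
    iocs = IOCSet()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[*] Malware family:"):
            iocs.family = line.split(":", 1)[1].strip()
        elif line.startswith("[+]"):
            label = line[3:].strip(" :").lower()
            if label.startswith("hash"):
                section = "hash"
            elif "permalink" in label:
                section = "permalink"
            elif "url" in label:
                section = "url"
            else:
                section = None
        elif section == "hash":
            digest = line.lower()
            if not SHA256_RE.match(digest):
                raise ValueError(f"not a SHA-256 hex digest: {line!r}")
            iocs.sha256.add(digest)
        elif section == "permalink":
            # Lines look like "Scan permalink: https://..."; keep only the URL.
            iocs.permalinks.append(line.split(":", 1)[1].strip()
                                   if line.lower().startswith("scan permalink:") else line)
        elif section == "url":
            url = refang(line)
            iocs.urls.add(url)
            host = urlsplit(url).hostname
            if host:
                iocs.hosts.add(host.lower())
    return iocs


def matches_hash(iocs: IOCSet, data: bytes) -> bool:
    """True if the SHA-256 of the given file bytes is one of the listed hashes."""
    return hashlib.sha256(data).hexdigest() in iocs.sha256


def match_url(iocs: IOCSet, url: str):
    """'exact' for a listed URL, 'host' for a listed host with a different path
    (these dropper paths rotate), or None. Hostname comparison is case-insensitive."""
    if url in iocs.urls:
        return "exact"
    host = urlsplit(url).hostname
    if host and host.lower() in iocs.hosts:
        return "host"
    return None


def scan_log(iocs: IOCSet, log: str) -> list:
    """Return (client, url, match_kind) for each log line whose URL matches."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        kind = match_url(iocs, parts[3])
        if kind:
            hits.append((parts[1], parts[3], kind))
    return hits


if __name__ == "__main__":
    iocs = parse_ioc_block(SAMPLE_BLOCK)
    print(iocs.family, len(iocs.sha256), "hashes,", len(iocs.urls), "URLs")
    for hit in scan_log(iocs, SAMPLE_LOG):
        print("HIT", *hit)
```

Paste the full block from this post into SAMPLE_BLOCK (or read it from a file) to load all 13 hashes and 28 URLs; the parser rejects anything in the hash section that is not 64 hex characters, so a stray line is caught before it silently becomes a never-matching indicator. Treat a "host" match as a lead to triage rather than a confirmed infection, since these are compromised legitimate sites that may be cleaned up after the campaign.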


*Researchers and press are welcome to link to PolySwarm scan results in their reporting. Please attribute to PolySwarm.

***

PolySwarm helps security teams detect new and emerging malware. Enterprises and security operations centers (SOCs) benefit from PolySwarm’s aggregated network of scanning engines (both large AVs and specialized security experts) that are incentivized to accurately detect threats. PolySwarm lowers the barriers to participation for threat detection tools and economically rewards early, accurate malware detection. Try out PolySwarm here and see how it detects new and emerging malware. 
