emotet

Malware samples, analysis exercises and other interesting resources.

A repository full of malware samples.

Emotet detection tool for Windows OS

Control-flow-flattening and string deobfuscator

Collection of various files from infected hosts

A collection of malwares found on the internet.

IDA plugin to deobfuscate emotet CFF

Links to malware-related YARA rules

Emotet Loader helps execute Emotet modules in isolation. Emotet is one of the most active botnets, that delivers its modules, such as credit card stealer or SMB spreader, to the user machines. Emotet Loader allows to run the modules separately from the core component and help analyzing their behavior.

a State-Machine reversing exercise

EmoKill is an Emotet process detection and killing tool for Windows OS. It avoids wasting time after detection of Emotet. Any process that matches the pattern of Emotet based on the logic of EmoCheck by JPCERT/CC will be detected by EmoKill and killed as soon as possible.

An attmept to block malware before AV scans it.

A quick & dirty look at an Emotet infection.

A quick & dirty look at an Emotet infection.

Included domain list to PowerShell script...

This repository contains two static malware analysis labs: one exploring Emotet using VirusTotal and Hybrid Analysis, and another focused on keylogger dissection using REMnux and PEStudio.