EmotetX – The King has returned 3/3 – EN

Disclaimer: Boy… that took way longer than I anticipated… After opening up the initial binary in Part 2, I then took my time to get all the way down and into the final stage to see the first connection to the C2 in action. However, this turned out to be a maze...

EmotetX – The King has returned 2/3 – EN

Disclaimer: After I took an initial look at the emotet-dll in Part 1, I now want to get a bit more into the details of what is going on exactly. This part will cover some of the things I tried and found out. Keep in mind, most of what I am writing down could be wrong...

EmotetX – The King has returned 1/3 – EN

Introduction: Emotet is dead. Long live Emotet! The king has returned! After Emotet got taken down 10 months ago by a joint operation, it is now back up and climbing the ladder to become number one ransomware once again. While I personally could not wait to get my hands...