An attmept to block malware before AV scans it.

A quick & dirty look at an Emotet infection.

A quick & dirty look at an Emotet infection.

Included domain list to PowerShell script...

a State-Machine reversing exercise

Control-flow-flattening and string deobfuscator

Collection of various files from infected hosts

IDA plugin to deobfuscate emotet CFF

Links to malware-related YARA rules

Emotet Loader helps execute Emotet modules in isolation. Emotet is one of the most active botnets, that delivers its modules, such as credit card stealer or SMB spreader, to the user machines. Emotet Loader allows to run the modules separately from the core component and help analyzing their behavior.

EmoKill is an Emotet process detection and killing tool for Windows OS. It avoids wasting time after detection of Emotet. Any process that matches the pattern of Emotet based on the logic of EmoCheck by JPCERT/CC will be detected by EmoKill and killed as soon as possible.

A collection of malwares found on the internet.

Emotet detection tool for Windows OS

A repository full of malware samples.

Malware samples, analysis exercises and other interesting resources.

This repository contains two static malware analysis labs: one exploring Emotet using VirusTotal and Hybrid Analysis, and another focused on keylogger dissection using REMnux and PEStudio.

Professional malware analysis report of Emotet — sanitized, with IOCs, YARA rules, MITRE ATT&CK mapping, and screenshots.