Skip to content
This code is just a fun, developed for the need for the articles devoted to Emotet.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
pictures
poc/emotet_v5
samples
README.md
get_config.py
unpacker.py

README.md

Emotet'ed (toolkit)

This code is just a fun, developed for the need for the articles devoted to Emotet.

The sample directory contain real Emotet malware.

  • the password is always: infected

/!\ PLEASE, DO NOT USE FOR CRIMINAL PURPOSE BUT FOR THE RESHEARCH

unpacker.py

You can unpack the Emotet v5 (only) payload with the unpacker script.

$ python2.7 unpacker.py -h
usage: unpacker.py [--sample SAMPLE] [--out-file OUT_FILE]
                   [--out-stage1 OUT_STAGE1]

Emotet 2019 - Unpacking Payload Toolkit

required arguments:
  --sample SAMPLE, -s SAMPLE
                        Path to sample file to input.
  --out-file OUT_FILE, -of OUT_FILE
                        Path to unpacked file out.

optional arguments:
  --out-stage1 OUT_STAGE1, -os1 OUT_STAGE1
                        Path to stage1 file out.

alt text

get_config.py

You can use the script "get_config.py" to get the IP addresses list.

$ python2.7 get_config.py -h
usage: get_config.py [--sample SAMPLE]

Emotet 2019 - Get Configuration Toolkit

required arguments:
  --sample SAMPLE, -s SAMPLE
                        Path to sample file to input.

== Emotet (version 5) ==

alt text

alt text

== Emotet (version 6) ==

alt text

alt text

You can’t perform that action at this time.