
Cybercrime, a real stolen email conversation spreads Emotet

Malware Hunter JAMESWT Technical Analysis

A real stolen email conversation carries Emotet. The zip attachment contains a file that runs PowerShell and downloads the DLL from an internal list of URLs, starting the malware infection.

A real stolen email conversation is the lure used to deliver a new Emotet campaign.

The password-protected zip attachment (the password is provided in the email text) contains a file that runs PowerShell to download the DLL from an internal list of URLs, starting the malware infection.

Emotet is a banking Trojan used by cybercriminals. Over time, modules have been added that allow it to steal the passwords stored in the victims’ software, infect other computers connected to the same botnet, and reuse emails for subsequent spam campaigns.
