
Cybercrime, Emotet resumes activities after the Christmas break

Technical analysis by the Malware Hunter JAMESWT

Emotet resumes its activities, in Italy too, after the Christmas break

Emotet has resumed its activities after the Christmas break. As of this writing, new waves of e-mails are circulating that all follow the same scheme: the compressed attachment, protected by a password given in the message text, contains a Word document. If the document is opened, it contacts a number of URLs and downloads a DLL or EXE from one of the three Epoch botnets, which starts the infection chain. The download is performed by a PowerShell script embedded in the document.

Emotet started as a banking Trojan; over time modules have been added that let it steal passwords saved in the victims' software, infect other computers on the same network, and harvest e-mails so they can be reused in later spam campaigns.
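The following Python script is an added example, not part of JAMESWT's analysis, showing the first triage step an analyst would apply to a message of the kind described above: read the password announced in the body, then inspect the attached archive without using that password, since the ZIP central directory can be listed regardless and its general-purpose flag bit 0 says whether an entry is encrypted. The message, the file name Documento.zip/Documento.doc and the password 2021 are constructed here; because the standard library cannot write ZipCrypto archives, the sample archive only has its encryption flag set, which is all the check looks at.

```python
import email
import io
import re
import struct
import zipfile
from email import policy
from email.message import EmailMessage

# Assumptions for the demonstration (not taken from the article): the body
# text, attachment name and password below are constructed sample data.
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")
PASSWORD_RE = re.compile(r"password\s*(?:è|is)?\s*:?\s*(\S+)", re.IGNORECASE)


def build_sample_zip(password_protected: bool) -> bytes:
    """Constructed archive holding a placeholder .doc. The stdlib cannot write
    ZipCrypto archives, so the 'password' case only sets the encryption flag
    (bit 0 of the general-purpose flags) in both headers; the triage logic
    below only looks at that flag and at the file names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Documento.doc", b"placeholder, not a real document")
    data = bytearray(buf.getvalue())
    if password_protected:
        data[6] |= 0x01  # local file header: flags live at offset 6
        cd_offset = struct.unpack("<IHHHHIIH", data[-22:])[6]  # from the EOCD record
        data[cd_offset + 8] |= 0x01  # central directory header: flags at offset 8
    return bytes(data)


def build_sample_email(password_protected: bool = True) -> bytes:
    """Constructed message in the shape the article describes: password in
    the text, password-protected archive attached."""
    msg = EmailMessage()
    msg["From"] = "mittente@example.com"
    msg["To"] = "destinatario@example.com"
    msg["Subject"] = "Documento"
    body = "Buongiorno,\nin allegato il documento richiesto.\n"
    if password_protected:
        body += "La password è: 2021\n"
    msg.set_content(body)
    msg.add_attachment(build_sample_zip(password_protected),
                       maintype="application", subtype="zip",
                       filename="Documento.zip")
    return msg.as_bytes()


def triage_email(raw: bytes) -> dict:
    """Return what the message reveals before anything is opened: the password
    announced in the body, whether a ZIP attachment has encrypted entries, and
    which Office documents it carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    m = PASSWORD_RE.search(body)
    result = {"password": m.group(1) if m else None,
              "encrypted_zip": False, "office_docs": []}
    for part in msg.iter_attachments():
        payload = part.get_content()
        if not isinstance(payload, bytes) or not payload.startswith(b"PK\x03\x04"):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                # The central directory is readable without the password, so
                # names and flags can be inspected without ever decrypting.
                if info.flag_bits & 0x01:
                    result["encrypted_zip"] = True
                if info.filename.lower().endswith(OFFICE_EXT):
                    result["office_docs"].append(info.filename)
    result["suspicious"] = (result["password"] is not None
                            and result["encrypted_zip"]
                            and bool(result["office_docs"]))
    return result


if __name__ == "__main__":
    print(triage_email(build_sample_email(True)))
    print(triage_email(build_sample_email(False)))
```

The three signals are deliberately combined: a password in the body, an encrypted archive and an Office document inside it. Each one alone is common in legitimate mail, but together they are the exact shape of this campaign and are cheap to check at the gateway before any sandbox detonation.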

Example of an e-mail received in Italy

The .doc document contained in the archive
