
Cybercrime, Emotet strikes Italy again via stolen emails

Technical analysis by the Malware Hunter JAMESWT

Emotet is back and is striking Italy too, via stolen email conversations. The message carries a zip attachment with a doc file inside. If opened, the doc contacts a link from an internal list and downloads the DLL from the Epoch 1 and 3 botnets, which starts the malware infection chain.

Emotet is hitting Italy again with a new malspam campaign that exploits real, stolen email conversations. The messages carry compressed (.zip) attachments, password-protected with the password provided in the message text, which contain a .doc file. If opened, the document contacts a link from an internal list, which downloads the DLL from the Epoch 1 and 3 botnets and starts the malware infection. Emotet is a banking Trojan to which modules have been added over time that allow it to steal passwords stored in the victims’ software, infect other computers connected to the same botnet and reuse emails for subsequent spam campaigns.
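The delivery pattern described above (a password-protected .zip holding a .doc, with the password given in the message text) can be checked at the mail gateway without decrypting anything. The following is an added example, not part of JAMESWT's analysis; the password wording, the file names and the sample message are constructed assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed wording; real campaigns vary the language and phrasing.
PASSWORD_HINT = re.compile(r"(?i)\bpassword\b")

def triage(raw: bytes) -> list[dict]:
    """Return one finding per zip attachment that holds an encrypted .doc."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        # Member names and flags live in the central directory, which
        # stays readable even when the member data is encrypted.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            docs = [i.filename for i in zf.infolist()
                    if i.flag_bits & 0x1 and i.filename.lower().endswith(".doc")]
        if docs:
            findings.append({"attachment": part.get_filename(),
                             "encrypted_docs": docs,
                             "password_in_body": bool(PASSWORD_HINT.search(text))})
    return findings

def build_sample(encrypted: bool = True) -> bytes:
    """Constructed test message; the .doc member is inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.doc", b"constructed placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # Set general-purpose flag bit 0 ("encrypted") in the central
        # directory entry; the flag field starts 8 bytes after PK\x01\x02.
        blob[blob.index(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Re: constructed thread"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Please see attached.\nPassword: 1234\n")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="doc.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A finding with `password_in_body` set is the combination the campaign relies on: the archive cannot be scanned by the gateway, yet the recipient is handed the means to open it.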

Some of the weaponized emails that arrived in Italy

The doc document
