A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, new Emotet campaign in Italy via EA Arpa
Malware Hunter JAMESWT Technical Analysis
New Emotet campaign in Italy via EA Arpa. The zip attachment contains an xls file that contacts an internal list of URLs and downloads the dll from Epoch5 botnet, starting malware infection
Emotet arrives in Italy with a new Arpa Veneto-themed campaign.
The agency’s fake email, which uses a real stolen signature, contains a password-protected zip attachment (provided in the text). Inside there is an xls file that contacts an internal list of URLs and downloads the dll from the Epoch5 botnet, starting the malware infection chain.
Emotet is a banking Trojan used by cybercrime, to which modules have been added over time that allow it to steal the passwords stored in the victims’ software, infect other computers connected to the same botnet and reuse emails for subsequent spam campaigns.