
Cybercrime, new Emotet campaign on real stolen emails

Technical analysis by the Malware Hunter JAMESWT

Emotet continues to exploit real stolen email conversations to spread. The attachment, if opened, contacts the first available URL from a list embedded in it to download the malware from one of the three Epoch cybercrime botnets.

Emotet continues to exploit real stolen email conversations to spread. In the last few hours, new emails that use this strategy, together with a Word document attachment, have been circulating. The file, if opened, contacts the first available URL from a list embedded in it to download the malware from one of the three Epoch botnets (in this case the second one). Emotet is a banking Trojan to which modules have been added over time that allow it to steal the passwords stored in the victims’ software, infect other computers connected to the same botnet and reuse emails for subsequent spam campaigns.

An example of a malicious mail sent to targets in Italy

The doc document that contacts a URL from an internal list to download the malware

The links from which Emotet is downloaded
