
Cybercrime, second Emotet campaign via real stolen email conversation

Technical analysis by malware hunter JAMESWT

A second Emotet campaign is using real stolen email conversations. The xls attachment contacts an internal list of URLs directly and downloads the DLL, starting the malware infection.

There is a second Emotet campaign in circulation, which uses a real stolen email conversation.


The mechanism is always the same: the attachment contacts an internal list of URLs and downloads the DLL, starting the malware infection.

The difference lies in the attachment itself. It is no longer delivered inside a password-protected zip file, but as a plain (“clear”) xls. Emotet is a banking Trojan used by cybercrime groups; over time, modules have been added that allow it to steal the passwords stored in the victims’ software, infect other computers connected to the same botnet, and reuse harvested emails for subsequent spam campaigns.
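The loader behaviour described above (an opened xls walking through a list of URLs until one serves the DLL) leaves a recognisable trace in endpoint web-proxy logs. The following detection is an added example, not code from the article or from JAMESWT's analysis; the log format, host names, URLs and process names are constructed for illustration.

```python
"""Flag an Office process that tries several URLs in a short window and
receives an executable/DLL content-type, the pattern of the xls loader."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp host process url status content-type
SAMPLE_LOG = """\
2021-01-15T09:12:01 WS01 excel.exe http://example-a.invalid/wp-content/x/ 404 text/html
2021-01-15T09:12:02 WS01 excel.exe http://example-b.invalid/cgi-bin/y/ 404 text/html
2021-01-15T09:12:03 WS01 excel.exe http://example-c.invalid/images/z/ 200 application/x-msdownload
2021-01-15T09:12:05 WS01 rundll32.exe http://example-c.invalid/images/z/ 200 application/x-msdownload
2021-01-15T09:30:00 WS02 chrome.exe https://example-d.invalid/ 200 text/html
2021-01-15T09:31:00 WS02 excel.exe https://example-e.invalid/api/ 200 application/json
"""

OFFICE_PROCESSES = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Content-types commonly seen for a DLL/EXE download (assumed list, extend as needed)
DLL_TYPES = {"application/x-msdownload", "application/x-dosexec", "application/octet-stream"}


def parse_line(line):
    """Split one constructed log line into a dict with typed fields."""
    ts, host, proc, url, status, ctype = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host, "proc": proc.lower(),
            "url": url, "status": int(status), "ctype": ctype}


def find_office_dll_fetches(log_text, min_urls=2, window=timedelta(seconds=60)):
    """Return (host, process, urls_tried, dll_url) for every Office process that
    contacted at least `min_urls` distinct URLs within `window` and got a DLL back."""
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            if ev["proc"] in OFFICE_PROCESSES:
                by_key[(ev["host"], ev["proc"])].append(ev)
    hits = []
    for (host, proc), events in by_key.items():
        events.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(events):
            if ev["status"] == 200 and ev["ctype"] in DLL_TYPES:
                # URLs this process tried in the window leading up to the successful fetch
                tried = [e["url"] for e in events[:i + 1] if ev["ts"] - e["ts"] <= window]
                if len(set(tried)) >= min_urls:
                    hits.append((host, proc, tried, ev["url"]))
    return hits


if __name__ == "__main__":
    for host, proc, tried, dll_url in find_office_dll_fetches(SAMPLE_LOG):
        print(f"{host}: {proc} tried {len(tried)} URLs, DLL served from {dll_url}")
```

A single download by an Office process is common enough to be noisy; the distinct-URL threshold is what separates the loader's URL-list walk from ordinary activity.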
