The password-protected compressed attachment contains a .doc file. When opened, the document contacts a link and downloads the DLL that starts the malware infection.
Technical analysis by the Malware Hunter JAMESWT
Emotet hits back with the malspam campaign that exploits real stolen email conversations. The new messages carry a compressed attachment, which contains a .doc file. If opened, the document contacts a link from an internal list that downloads the malware from the Epoch 2 botnet.
Emotet hits back with a new malspam campaign which, as always, exploits stolen email conversations. The messages are accompanied by compressed documents (.zip), which contain a .doc file. If opened, the document contacts a link from an internal list that downloads the malware from the Epoch 2 botnet. Emotet is a banking trojan to which modules have been added over time that allow it to steal passwords stored in the victims’ software, infect other computers connected to the same botnet and reuse the emails for subsequent spam campaigns.
The .doc document that contacts a link from an internal list to download the malware from the Epoch 2 botnet
The links list
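A mail-gateway triage check for the delivery pattern described above (a password-protected .zip attachment carrying a .doc), as an added example that is not part of the original analysis. It assumes standard ZIP encryption, where member names in the central directory stay readable without the password; the function names, the extension list and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

DOC_EXTS = (".doc", ".docm")  # assumption: extensions worth flagging


def triage_zip(data: bytes) -> dict:
    """Report encryption and Word members of a ZIP without needing its password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()  # central directory only, no decryption attempted
    return {
        "encrypted": any(i.flag_bits & 0x1 for i in infos),  # bit 0 = encrypted entry
        "docs": [i.filename for i in infos if i.filename.lower().endswith(DOC_EXTS)],
    }


def triage_message(raw: bytes) -> list:
    """Return (attachment name, finding) for ZIP attachments hiding a .doc behind a password."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        finding = triage_zip(payload)
        if finding["encrypted"] and finding["docs"]:
            hits.append((part.get_filename(), finding))
    return hits


def constructed_sample(encrypted: bool) -> bytes:
    """Build a constructed email; only the ZIP encryption flag is set, the data is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", b"constructed placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:
        cd = blob.find(b"PK\x01\x02")  # central directory file header
        blob[cd + 8] |= 0x1            # general-purpose flag, bit 0
    msg = EmailMessage()
    msg["Subject"] = "Re: constructed thread"
    msg.set_content("constructed body")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```

A hit means the gateway cannot scan the document's content, so the message is a candidate for quarantine or password-assisted detonation rather than delivery.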