
Cybercrime, Emotet returns to strike with stolen email conversations

Technical analysis by the Malware Hunter JAMESWT

Emotet hits back with a malspam campaign that exploits real stolen email conversations. The new messages carry a compressed attachment, which contains a .doc file. If opened, the document contacts a link from an internal list and downloads the malware from the Epoch 2 botnet.

Emotet hits back with a new malspam campaign, which once again exploits stolen email conversations. The messages carry compressed attachments (.zip), which contain a .doc file. If opened, the document contacts a link from an internal list and downloads the malware from the Epoch 2 botnet. Emotet is a banking trojan to which modules have been added over time, allowing it to steal passwords stored in the victims' software, infect other computers connected to the same botnet, and reuse the stolen emails for subsequent spam campaigns.
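For mail triage, the delivery pattern described above (a message that continues an existing thread and carries a .zip containing a .doc) can be checked without extracting anything. The following is an added example, not code from the original analysis; the function names, addresses, file names and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_sample(attach_zip: bool = True) -> bytes:
    """Constructed reply-style message; the .zip holds a placeholder .doc."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Re: quarterly report"
    msg["In-Reply-To"] = "<constructed-id@example.com>"
    msg.set_content("Please see the attached document.")
    if attach_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("invoice.doc", b"constructed placeholder bytes")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="report.zip")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Flag a message that continues a thread and carries a .doc inside a .zip."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    is_reply = bool(msg["In-Reply-To"] or msg["References"]
                    or subject.lower().startswith("re:"))
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Identify archives by content, not by the attachment's file name.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # namelist() reads the archive directory; nothing is extracted.
            for name in zf.namelist():
                if name.lower().endswith(".doc"):
                    hits.append((part.get_filename(), name))
    return {"reply_thread": is_reply, "doc_in_zip": hits,
            "flag": is_reply and bool(hits)}


if __name__ == "__main__":
    print(triage(build_sample()))
```

A flagged message is a candidate for quarantine and analyst review, not a verdict: legitimate replies also carry zipped documents.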

The .doc document that contacts a link from an internal list to download the malware from the Epoch 2 botnet

The links list
