Emotet spam trojan surges back to life after 5 months of silence

DVDR_Dog

Well-Known Member
Ultimate Donator
Donator
VIP
Nov 5, 2018
721
OS
Windows 10
BR
Chrome 83.0.4103.116
Hey, here's a fun one that's coming back to life. Once again many thanks to Lawrence Abrams and the whole crew over at Bleeping.
Great guide. Covers vector of entry, changes it makes to the system and the damage it causes. Give it a read. It gives you great insight on a typical spammer virus.
https://www.bleepingcomputer.com/ne...urges-back-to-life-after-5-months-of-silence/

DVDR_Dog

A new variant?
That depends. In the strictest definition, no. It's the same framework that's used to deliver the payload.
From that point on it's a different macro that sets in motion a different series of downloads and programs, but the end result is similar. Why that framework isn't being flagged is, I suspect, because it's pretty generic; it's that first macro being executed that causes all the chaos. I haven't seen an infection of Emotet, but I would suspect any good A/V would flag the resulting macro or at least treat it as highly suspect.