
Emotet spam trojan surges back to life after 5 months of silence


DVDR_Dog

Hey, here's a fun one that's coming back to life. Once again, many thanks to Lawrence Abrams and the whole crew over at Bleeping.
Great guide. Covers vector of entry, changes it makes to the system and the damage it causes. Give it a read. It gives you great insight on a typical spammer virus.
https://www.bleepingcomputer.com/ne...urges-back-to-life-after-5-months-of-silence/
 

DVDR_Dog

A new variant?
That depends. In the strictest definition, no. It's the same framework that's used to deliver the payload.
From that point on it's a different macro that sets in motion a different series of downloads and programs, but the end result is similar. Why that framework isn't being flagged, I suspect, is that it's pretty generic; it's that first macro being executed that causes all the chaos. I haven't seen an infection of Emotet, but I would suspect any good A/V would flag the resulting macro or at least be highly suspect.
 
