2023-03-15

The On Again, Off Again Emotet is Now Back On

Category: Malware Campaign | Industry: Global | Level: Tactical | Source: Cofense

Emotet campaigns have fluctuated between surging and dormant since the infamous malware returned in November 2022. As of 8:00 AM EST on the morning of Tuesday, March 7th, 2023, new malicious emails containing Emotet were circulating. The latest campaigns were discovered by security researcher Cryptolaemus and researchers from Cofense, who found that the spam emails carry a weaponized Office document. The malicious document contains embedded macros and is delivered inside a compressed zip file. After the user accepts the “Enable Content” prompt, the malicious macros execute, retrieve Emotet DLLs from a remote site, and execute them on the host machine.

Anvilogic Scenario:

  • Malicious File Delivering Malware

Anvilogic Use Cases:

  • Compressed File Execution
  • Malicious Document Execution
  • Wscript/Cscript Execution
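
The three use cases above, expressed as parent/child checks over process-creation events. This is an added example, not Anvilogic's or Cofense's detection content. The event layout, the sample events, the archive temp-folder patterns and the choice of regsvr32/rundll32 as DLL loaders are assumptions, since the page does not say how the DLL is executed.

```python
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: common Windows DLL loaders; the page does not name the one used.
DLL_LOADERS = {"regsvr32.exe", "rundll32.exe"}
# Assumption: default temp folders used when a file is opened straight from an
# archive (Explorer "Temp1_<name>.zip", 7-Zip "7zO...", WinRAR "Rar$...").
ARCHIVE_TEMP = re.compile(r"\\temp\\(temp1_[^\\]+\.zip|7zo[^\\]+|rar\$[^\\]+)\\", re.I)

# Constructed sample events: (host, pid, ppid, image, command line)
SAMPLE_EVENTS = [
    ("ws01", 2200, 900, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
    ("ws01", 4100, 2200, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     r'WINWORD.EXE /n "C:\Users\alice\AppData\Local\Temp\Temp1_invoice.zip\invoice.doc"'),
    ("ws01", 4188, 4100, r"C:\Windows\System32\regsvr32.exe",
     r"regsvr32.exe /s C:\Users\alice\AppData\Local\Temp\sample.dll"),
    ("ws01", 4190, 4100, r"C:\Windows\System32\wscript.exe", r"wscript.exe C:\Users\alice\a.vbs"),
    ("ws01", 5000, 2200, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     r'WINWORD.EXE /n "C:\Users\alice\Documents\report.docx"'),
    ("ws01", 5100, 2200, r"C:\Windows\System32\wscript.exe", r"wscript.exe C:\IT\logon.vbs"),
]

def exe_name(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()

def detect(events):
    """Return (pid, use_case) pairs for events that match one of the use cases."""
    by_pid = {(host, pid): image for host, pid, _, image, _ in events}
    hits = []
    for host, pid, ppid, image, cmdline in events:
        parent = exe_name(by_pid.get((host, ppid), ""))
        child = exe_name(image)
        # Office opened a document that still lives in an archive temp folder.
        if child in OFFICE and ARCHIVE_TEMP.search(cmdline):
            hits.append((pid, "Compressed File Execution"))
        # A script host started directly by an Office application.
        if parent in OFFICE and child in SCRIPT_HOSTS:
            hits.append((pid, "Wscript/Cscript Execution"))
        # Office spawning any script host or DLL loader.
        if parent in OFFICE and child in SCRIPT_HOSTS | DLL_LOADERS:
            hits.append((pid, "Malicious Document Execution"))
    return hits

if __name__ == "__main__":
    for pid, use_case in detect(SAMPLE_EVENTS):
        print(pid, use_case)
```

The benign Word session (pid 5000) and the script host started from Explorer (pid 5100) produce no hits, which is the lineage check doing its job.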
