February 22, 2022

Emotet Changes Infection Tactic

Industry: N/A | Level: Tactical | Source: Unit42

Palo Alto Networks' Unit42, which tracks the prolific Emotet malware, has identified a new infection method used by the botnet. The chain starts with phishing emails that reply into a hijacked email thread: “The new attack delivers an Excel file through email, and the document contains an obfuscated Excel 4.0 macro. When the macro is activated, it downloads and executes an HTML application that downloads two stages of PowerShell to retrieve and execute the final Emotet payload.” Since the malware's resurgence in November 2021 it has rotated through a variety of distribution techniques, mostly email attachments, including a lure masquerading as an Adobe Windows App Installer package.

  • Anvilogic Scenario: Malicious Document Delivering Malware
  • Anvilogic Use Cases:
    • Compressed File Execution
    • MSHTA.exe execution
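The chain Unit42 describes (Excel 4.0 macro, then mshta.exe running a downloaded HTA, then PowerShell stages) is visible in process-creation telemetry as ancestry: an Office application spawning mshta.exe, which in turn spawns PowerShell. The following is an added example, not code from Unit42 or Anvilogic, of that ancestry check run over constructed Sysmon-style process-creation records. Field names, PIDs, paths and command lines are assumptions made for the example; real telemetry should correlate on ProcessGuid rather than PID, because PIDs are reused.

```python
# Added example (not Unit42's or Anvilogic's code): ancestry-based detection for the
# Excel -> mshta.exe -> powershell.exe chain, run over constructed process-creation events.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the created process (Sysmon "Image" style, assumed)
    cmdline: str    # command line, kept for analyst context only


OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
HTA_HOST = "mshta.exe"
PS_HOSTS = {"powershell.exe", "pwsh.exe"}


def basename(image: str) -> str:
    """Lower-cased file name of an image path; accepts either slash style."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def build_index(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    # Keyed on PID for the example; production logic should key on ProcessGuid.
    return {e.pid: e for e in events}


def office_to_mshta(events: List[ProcEvent]) -> List[ProcEvent]:
    """'MSHTA.exe execution' use case: mshta.exe whose parent is an Office application."""
    idx = build_index(events)
    hits = []
    for e in events:
        if basename(e.image) != HTA_HOST:
            continue
        parent = idx.get(e.ppid)
        if parent is not None and basename(parent.image) in OFFICE_APPS:
            hits.append(e)
    return hits


def office_mshta_powershell_chains(events: List[ProcEvent]) -> List[Tuple[ProcEvent, ProcEvent, ProcEvent]]:
    """Full chain from the report: Office app -> mshta.exe -> PowerShell, matched by ancestry."""
    idx = build_index(events)
    chains = []
    for e in events:
        if basename(e.image) not in PS_HOSTS:
            continue
        parent = idx.get(e.ppid)
        if parent is None or basename(parent.image) != HTA_HOST:
            continue
        grand = idx.get(parent.ppid)
        if grand is None or basename(grand.image) not in OFFICE_APPS:
            continue
        chains.append((grand, parent, e))
    return chains


def triage(events: List[ProcEvent]) -> List[Tuple[str, int]]:
    """(severity, pid) findings: the complete chain outranks a lone Office -> mshta spawn.
    Only the first PowerShell stage is reported; later stages descend from it."""
    findings = []
    chain_mshta_pids = set()
    for _grand, parent, child in office_mshta_powershell_chains(events):
        findings.append(("high", child.pid))
        chain_mshta_pids.add(parent.pid)
    for e in office_to_mshta(events):
        if e.pid not in chain_mshta_pids:   # already covered by a high finding
            findings.append(("medium", e.pid))
    return findings


# Constructed sample telemetry (not captured from a real host).
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r'"EXCEL.EXE" "C:\Users\alice\Downloads\invoice.xls"'),
    ProcEvent(300, 200, r"C:\Windows\System32\mshta.exe",
              r"mshta.exe C:\Users\alice\AppData\Local\Temp\stage.hta"),
    ProcEvent(400, 300, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -w hidden -nop -c "<constructed stage 1>"'),
    ProcEvent(500, 400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell.exe -w hidden -nop -c "<constructed stage 2>"'),
    # Benign: a user double-clicking an HTA from Explorer has no Office parent.
    ProcEvent(600, 100, r"C:\Windows\System32\mshta.exe", r"mshta.exe C:\tools\helpdesk.hta"),
    # Suspicious but incomplete: Word spawning mshta.exe with no PowerShell child yet.
    ProcEvent(700, 100, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "WINWORD.EXE"),
    ProcEvent(800, 700, r"C:\Windows\System32\mshta.exe", r"mshta.exe C:\Users\alice\AppData\Local\Temp\x.hta"),
]

if __name__ == "__main__":
    for severity, pid in triage(SAMPLE_EVENTS):
        print(severity, pid)
```

The two-tier result is deliberate: an Office application launching mshta.exe is already worth a ticket, but the Office, mshta.exe, PowerShell ancestry is the signature of this specific Emotet chain and should page. The check ignores command-line content on purpose, since the macro and HTA are obfuscated; ancestry survives obfuscation where string matching does not.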