emotet

The latest version of Emotet downloader has a few new updates. In this post we'll have a look at these updates.

These are the new updates:

- Obfuscation pattern is different to that in the past (3942 lines of VBS code)
- Powershell.exe is copied over to Temp and executed from there (evasion technique)
- Only one payload URI - this is a major change

Let's take a look at the malware and analyse it. Infection vector is the usual phishing email with a Word document attachment. Once you open the document, it asks you to enable the macros. Once enabled, the code…
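Among the updates above, the copy of Powershell.exe run from Temp is the one that leaves the clearest trace in process-creation logs. The following detection sketch is an added example, not code from the original post: it flags PowerShell executing outside its normal system directories, and goes slightly beyond the post by also catching a renamed copy through the PE original file name. Field names follow Sysmon Event ID 1 (`Image`, `OriginalFileName`, `ParentImage`); the sample records, the `classify` and `scan` helpers and the Word-as-parent check are assumptions made for illustration.

```python
import ntpath

# Directories where the genuine Windows PowerShell binary normally lives.
EXPECTED_DIRS = {
    r"c:\windows\system32\windowspowershell\v1.0",
    r"c:\windows\syswow64\windowspowershell\v1.0",
}
OFFICE_PARENTS = {"winword.exe"}  # assumption: the macro host is the recorded parent


def classify(event):
    """Return the findings for one process-creation record (empty list if clean)."""
    image = ntpath.normpath(event.get("Image", "")).lower()
    directory, basename = ntpath.split(image)
    original = event.get("OriginalFileName", "").lower()
    # Match on PE metadata as well as file name, so a renamed copy is still seen.
    if "powershell.exe" not in (original, basename) or directory in EXPECTED_DIRS:
        return []
    findings = ["powershell-outside-system-dir"]
    if "temp" in directory.split("\\"):
        findings.append("runs-from-temp")
    if original == "powershell.exe" and basename != original:
        findings.append("renamed-binary")
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent in OFFICE_PARENTS:
        findings.append("office-parent")
    return findings


def scan(events):
    """Return (index, findings) for every event that produced a finding."""
    return [(i, f) for i, e in enumerate(events) if (f := classify(e))]


# Constructed sample records (not taken from a real host or from the post).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "OriginalFileName": "PowerShell.EXE", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\powershell.exe",
     "OriginalFileName": "PowerShell.EXE",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\upd.exe",
     "OriginalFileName": "PowerShell.EXE", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "OriginalFileName": "setup.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["Image"], findings)
```

The same comparison of original file name against image path can be expressed as a SIEM rule; the directory allow-list needs extending on hosts where PowerShell is legitimately installed elsewhere.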