2018-05-17 - QUICK POST: EMOTET

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2018-05-17-Emotet-malspam-24-examples.txt.zip   5.1 kB (5,059 bytes)
• 2018-05-17-Emotet-infection-traffic.pcap.zip   15.0 MB (14,984,685 bytes)
• 2018-05-17-malware-from-Emotet-infection.zip   340 kB (339,561 bytes)

NOTES:

• My infected Windows host turned into a spambot and sent out more Emotet emails.
• The Emotet malspam sent from my infected host had no links, but instead had the Word doc as an attachment.

Shown above:  Traffic from the infection filtered in Wireshark.

 

Shown above:  Traffic from the infection filtered in Wireshark showing my infected Windows host sending out more Emotet malspam.

 

Shown above:  I leave my infected Windows host alone for a short while, and it turns into an Emotet malspambot!

 

Click here to return to the main page.