  • Emotet malware returns after a three-month hiatus

    The Emotet malware campaign has resumed after a three-month lull. Malicious emails have begun reaching recipients all over the world.

    Emotet is a well-known malware family distributed via email. It is delivered to the target computer via malicious Microsoft Word and Excel attachments. When users open these documents and enable macros, the Emotet DLL is loaded into memory and then silently waits for instructions from a remote C2 server.

    Eventually, the malware starts stealing victims' emails and contacts for use in future Emotet campaigns, or downloads additional payloads such as Cobalt Strike or other malware.

    Although Emotet was once considered one of the most prevalent malware families, its activity had been slowly fading. The last spam operation was observed in November 2022.

    Cybersecurity company Cofense and the Cryptolaemus group have warned that the Emotet botnet has resumed sending emails.

    In the current campaign, the attackers use emails purporting to contain tax records. The ZIP archives attached to the emails are 500 megabytes or more in size. Inside are bloated Word documents, artificially inflated to make them harder for antivirus solutions to scan. The documents use Emotet's "Red Dawn" template, which prompts users to enable content so that the document "displays properly".

    These malicious documents contain a large number of different macros that download the Emotet loader as a DLL from malicious sites, many of which are compromised WordPress blogs.

    Once downloaded, Emotet is saved to a randomly named folder under %LocalAppData% and launched using regsvr32.exe. Once running, the malware stays in the background, waiting for commands that will likely install additional payloads on the computer. These attacks typically result in data theft and full-scale ransomware attacks.
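
The launch pattern described above (regsvr32.exe registering a DLL from a folder under %LocalAppData%) can be hunted for in process-creation telemetry. The following is an added example, not code from the article or from Cofense; it assumes events shaped like Sysmon Event ID 1 records (`Image`, `CommandLine`, `ParentImage`), the sample events are constructed, and treating an Office parent process as higher severity is an assumption the article does not state.

```python
import re
from pathlib import PureWindowsPath

# Assumption: macro-bearing documents open in these hosts; the article names no parent.
OFFICE_PARENTS = {"winword.exe", "excel.exe"}

def image_name(path):
    return PureWindowsPath(path.strip('"')).name.lower()

def regsvr32_targets(command_line):
    """Files passed to regsvr32: every argument that is not a /switch or -switch."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]
    return [t for t in tokens[1:] if not t.startswith(("/", "-"))]

def localappdata_subpath(path):
    """Path components below AppData\\Local (or %LocalAppData%), else None."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if parts and parts[0] == "%localappdata%":
        return parts[1:]
    for i in range(len(parts) - 1):
        if parts[i] == "appdata" and parts[i + 1] == "local":
            return parts[i + 2:]
    return None

def triage(event):
    """Return None, or (severity, target) for a suspicious regsvr32 launch."""
    if image_name(event["Image"]) != "regsvr32.exe":
        return None
    for target in regsvr32_targets(event["CommandLine"]):
        sub = localappdata_subpath(target)
        if sub is not None and len(sub) >= 2:  # <folder>\<file> below LocalAppData
            office = image_name(event.get("ParentImage", "")) in OFFICE_PARENTS
            return ("high" if office else "medium", target)
    return None

# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Users\alice\AppData\Local\QkXwPzRt\hTgbNm.dll"',
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "CommandLine": r"C:\Windows\SysWOW64\regsvr32.exe -s %LocalAppData%\AbCdEf\x.dll",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32 /s C:\Windows\System32\scrrun.dll",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), "<-", ev["CommandLine"])
```

Legitimate per-user installers also register DLLs from %LocalAppData%, so a "medium" hit is a lead to review rather than a verdict.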

    Cofense specialists said that they have not yet seen any additional payloads in this particular campaign. The malware simply collects data for future spam campaigns.

    To avoid taking the scammers' bait, it is enough simply not to open Microsoft Office files and other documents of dubious origin. This will most likely protect your data, time and nerves, and prevent the attackers from doing what they intended.

    Author DeepWeb