Emotet Being Distributed via OneNote Posted By kwonxx, March 28, 2023 AhnLab Security Emergency response Center (ASEC) has recently discovered Emotet being distributed via OneNote. A spear phishing email like the one below, with a OneNote file attached, prompts the reader to open the attachment, which contains a malicious script file (JS file). When the OneNote file is opened, it directs the user to click a button to connect to the cloud and open the document. A malicious script named output1.js is embedded in this ‘Next’ button. As shown below, the…
Emotet Being Distributed Again via Excel Files After 6 Months Posted By jcleebobgatenet, November 11, 2022 Over multiple blog posts, the ASEC analysis team has released information on the distribution of Emotet, which has been modified in many different ways. The Emotet malware has recently been identified as active again, around six months after its last active distribution. This post will examine the differences between the current Excel file and the one that had been distributed in the past. The common characteristics include the fact that it is distributed through an…
Emotet Being Distributed Using Various Files Posted By jcleebobgatenet, May 20, 2022 The ASEC analysis team has recently discovered the distribution of Emotet through link files (.lnk). The malware has been steadily distributed in the past, but starting from April, the Emotet downloader was found to use link files (.lnk) as well as Excel files. One feature that the obtained EML files share is that they all disguise themselves as replies to the user’s email to distribute the malware strain. The Excel file attached in the email of Figure 1 uses…
Emotet Being Distributed in Korea via Excel Files Posted By jcleebobgatenet, February 10, 2022 The ASEC analysis team has recently discovered the active distribution of malicious Excel files that download Emotet. The team introduced this type of malware last month in the post ‘Emotet Being Distributed Using Excel Files’. At that time, only Excel files that use macro sheets were found, but recently there have also been files that perform malicious behaviors using VBA macros. The distributed email had a compressed file as an attachment, and it contained an Excel file that…