Emotet

Emotet Being Distributed Using Various Files

The ASEC analysis team has recently discovered the distribution of Emotet through link files (.lnk). The malware has been steadily distributed in the past, but starting from April, it was found that the Emotet downloader uses Excel files as well as link files (.lnk). One feature that the secured EML files share is that they all disguise themselves as replies to the user’s email to distribute the malware strain. The Excel file attached in the email of Figure 1 uses…

Emotet Being Distributed in Korea via Excel Files

The ASEC analysis team has recently discovered the active distribution of malicious Excel files that download Emotet. The team has introduced this type of malware in the post ‘Emotet Being Distributed Using Excel Files‘ last month. At that time, only types of Excel files that use macro sheets were found, but recently, there have been types that perform malicious behaviors using VBA macro. The distributed email had a compressed file as an attachment, and it contained an Excel file that…