all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Emotet Downloader Document Uses Regsvr32 for Execution

Add to bookmarks
July 28, 2022, 1 p.m. | EclecticIQ Threat Research Team

Security Boulevard securityboulevard.com


Executive Summary


This paper investigates a recent Emotet intrusion and details how the final Emotet payload is installed onto the system. The key observations are:



  • Obfuscated Excel macros used to download and run the Emotet loader.

  • Emotet loader executed using regsvr32.exe.

  • Encrypted Emotet payload embedded in loader’s .rsrc section.

  • Windows service used for Emotet payload persistence.

  • Emotet continues to evolve delivery techniques and obfuscation to reduce detection.


Background


Emotet is a Windows-based malware loader operated by the cybercrime group TA542 …

cybercriminal document emotet intelligence research malware mitre attack regsvr32 technical threats and vulnerabilities threats & breaches trojan vulnerabilities

Visit resource

More from securityboulevard.com / Security Boulevard

How a YouTube Content Filter Can Give Your District More Control an hour ago | securityboulevard.com
beyond can control education +13
ITDR vs ISPM: Which Identity-first Product Should You Explore? 7 hours ago | securityboulevard.com
axiad cybersecurity emerging fresh takes +7
“You Can’t Protect What You Can’t See” Still Rings True. Why Observability Now. 10 hours ago | securityboulevard.com
awareness blog can effectively +12
Transforming Customer Experience: Enhancing CX through CIAM and Insights 12 hours ago | securityboulevard.com
ciam ciam solutions competitive customer +23
What is Penetration Testing: A comprehensive business guide 13 hours ago | securityboulevard.com
benefits business critical cyber security +18
Best Practices to Strengthen VPN Security 14 hours ago | securityboulevard.com
authentication best practices covid data +26
Cradlepoint Adds SASE Platform for 5G Wireless Networks 14 hours ago | securityboulevard.com
5g access cloud cloud service +28
BTS #28 – 5G Hackathons – Casey Ellis 14 hours ago | securityboulevard.com
casey ellis eclypsium enterprise hackathons +6
CCPA Compliance with Accutive Data Discovery and Masking: Understanding and protecting your sensitive data 15 hours ago | securityboulevard.com
act adm platform articles businesses +30

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Systems Administration

@ Peraton | Washington, DC, United States
View on infosec-jobs.com

Android Security Engineer, Public Sector

@ Google | Reston, VA, USA
View on infosec-jobs.com

Lead Electronic Security Engineer, CPP - Federal Facilities - Hybrid

@ Black & Veatch | Denver, CO, US
View on infosec-jobs.com

Profissional Sênior de Compliance & Validação em TI - Montes Claros (MG)

@ Novo Nordisk | Montes Claros, Minas Gerais, BR
View on infosec-jobs.com

Principal Engineer, Product Security Engineering

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com
View more jobs