I decided to revisit the Emotet analysis after receiving some indications that the infection had made its way to my lab's Domain Controller.
Investigation into interesting Snort signatures uncovered XSS with anti-analysis code.
UPX-packed ELF file with the “p_info” section replaced with zeros.
Analysis of malicious VBA code from Emotet Maldoc containing PowerShell downloader.
Review of recent Emotet Maldoc obfuscation & evasion techniques.