Venmo phishing email with an ISO file containing VBScript that acts as a downloader for additional malware components fetched from Discord’s CDN, leading to keylogging functionality on the infected system.
I decided to re-visit the Emotet analysis after receiving some indications that the infection had made its way to my lab's Domain Controller.
Investigation into interesting Snort signatures uncovered XSS with anti-analysis code.
UPX packed ELF file with the “p_info” section replaced with zeros.
Analysis of malicious VBA code from Emotet Maldoc containing PowerShell downloader.