
Minerva Labs Blog


Emotet Malspam Blocked Even Before It Was Identified

Emotet, one of the most active recent malspam campaigns, has launched a new malicious document that pretends to be a message from Windows Update, as reported by Bleeping Computer.

The document launches a PowerShell process which will try to connect to one of its hardcoded C&C servers to download an additional payload.
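The behaviour described above (a document spawning PowerShell to fetch a payload) can be hunted in process-creation telemetry. The following is an added example, not Minerva's code or detection logic; the event fields (`pid`, `ppid`, `image`, `cmdline`), the hint list and the sample events are constructed assumptions.

```python
# Added example: flag PowerShell whose process ancestry includes an Office app.
# The event schema is a simplified, constructed one (not a product's log format)
# and assumes PIDs are unique within the analysed window.
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Command-line fragments that suggest an encoded command or a download.
HINTS = ("-enc", "frombase64string", "downloadfile", "downloadstring",
         "invoke-webrequest", "net.webclient")

def basename(path):
    return ntpath.basename(path).lower()  # handles Windows paths on any OS

def office_ancestor(event, by_pid, max_depth=8):
    """Walk parent links; return the Office image name if one is an ancestor."""
    seen, pid = set(), event["ppid"]
    while pid in by_pid and pid not in seen and len(seen) < max_depth:
        seen.add(pid)
        parent = by_pid[pid]
        if basename(parent["image"]) in OFFICE:
            return basename(parent["image"])
        pid = parent["ppid"]
    return None

def detect(events):
    """Return one alert per PowerShell process descended from an Office app."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) not in POWERSHELL:
            continue
        origin = office_ancestor(e, by_pid)
        if origin is None:
            continue  # PowerShell started outside an Office process tree
        hits = [h for h in HINTS if h in e["cmdline"].lower()]
        alerts.append({"pid": e["pid"], "origin": origin, "hints": hits,
                       "severity": "high" if hits else "medium"})
    return alerts

# Constructed sample events; not taken from the sample referenced on this page.
SAMPLE = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Office16\WINWORD.EXE", "cmdline": "WINWORD.EXE /n update.doc"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd /c placeholder"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -w hidden -enc <base64 placeholder>"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell Get-ChildItem"},
]
```

Lineage is only visible when the telemetry preserves the process tree, so outbound network connections from PowerShell are worth correlating as a second signal.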

Without any prior knowledge of this malware, Minerva Armor blocks the malicious payload with our Macro Protection module, thus preventing the Emotet loader from even being downloaded to disk:

Sample:

SHA256: bc7fdd41e05d0a99d8a4b6d1e54b14df58107e6adcbb037566e7a3a51b436479 (doc
