Emotet, one of the most active recent malspam campaigns, has launched a new malicious document that pretends to be a message from Windows Update, as reported by Bleeping Computer.
The document launches a PowerShell process that tries to connect to one of its hardcoded C&C servers to download an additional payload.
Without any prior knowledge of this malware, Minerva Armor blocks the malicious payload with our Macro Protection module, thus preventing the Emotet loader from even being downloaded to disk.
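The execution chain described above (Office document, then a PowerShell child process, then a download from a C&C server) is also the usual detection point for defenders who do not have Minerva Armor in place. The script below is an added example, not Minerva's or Emotet's code, and not tied to this sample: it scans process-creation events for an Office parent spawning a script host and scores the child's command line for downloader-style switches. The log lines and the `key=value|key=value` field format are constructed here to resemble Sysmon process-creation (Event ID 1) fields; the format is an assumption, and `BASE64_PLACEHOLDER` stands in for an encoded command, not a real payload.

```python
"""Flag Office applications spawning script hosts, the macro -> PowerShell -> download chain.

Added example for illustration. Log format and sample events are constructed;
they are not from the page, from Minerva, or from the Emotet sample it references.
"""
import re
from dataclasses import dataclass, field

# Office processes that should never need a command shell or script host as a child.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts and shells commonly launched by malicious macros.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line features typical of macro-launched downloaders; each match adds a reason.
SUSPICIOUS_ARGS = [
    (r"(?i)\s-(e|ec|enc|encodedcommand)\b", "encoded command"),
    (r"(?i)\s-w(indowstyle)?\s+hidden\b", "hidden window"),
    (r"(?i)(downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient)", "download cmdlet"),
    (r"(?i)\s-nop\b|\s-noprofile\b", "no profile"),
]


@dataclass
class Finding:
    pid: int
    parent: str
    child: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Parent/child pairing alone is medium; any downloader-style switch raises it to high.
        return "high" if len(self.reasons) > 1 else "medium"


def parse_event(line: str) -> dict:
    """Parse one constructed 'Key=Value|Key=Value' event line into a dict."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|") if "=" in kv)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyze(lines) -> list:
    """Return a Finding for every event where an Office parent spawns a script host."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
            continue
        reasons = [f"{parent} spawned {child}"]
        cmd = ev.get("CommandLine", "")
        for pattern, label in SUSPICIOUS_ARGS:
            if re.search(pattern, cmd):
                reasons.append(label)
        findings.append(Finding(int(ev.get("ProcessId", 0)), parent, child, reasons))
    return findings


# Constructed sample events: one macro-style launch, one benign admin script, one benign Office child.
SAMPLE_LOG = [
    "EventID=1|ProcessId=4120|ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell -nop -w hidden -enc BASE64_PLACEHOLDER",
    "EventID=1|ProcessId=4121|ParentImage=C:\\Windows\\explorer.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell -File C:\\scripts\\backup.ps1",
    "EventID=1|ProcessId=4122|ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"
    "|Image=C:\\Windows\\splwow64.exe|CommandLine=splwow64.exe 12288",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity}] pid={f.pid} {'; '.join(f.reasons)}")
```

Only the first constructed event is reported: the parent is an Office binary, the child is PowerShell, and the command line carries the encoded, hidden-window and no-profile switches. The explorer-launched backup script and the Excel print-spooler helper are ignored, which is the point of keying on the parent/child pair first and scoring arguments second rather than alerting on every PowerShell launch.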
Sample SHA256: bc7fdd41e05d0a99d8a4b6d1e54b14df58107e6adcbb037566e7a3a51b436479