Emotet Malspam Blocked Even Before It Was Identified

Minerva Labs | 02.11.20 | 0 Minutes Read

Emotet, one of the most active recent malspam campaigns has launched a new malicious document which pretends to be a message from windows update, as reported by Bleeping Computer.

The document launches a PowerShell process which will try to connect to one of its hardcoded C&C servers to download an additional payload.

Without any prior knowledge of this malware, Minerva Armor blocks the malicious payload with our Macro Protection module, thus preventing the Emotet loader from even being downloaded to disk.

Sample:

SHA256:

bc7fdd41e05d0a99d8a4b6d1e54b14df58107e6adcbb037566e7a3a51b436479

malware prevention macroprotection minerva armor

Emotet Malspam Blocked Even Before It Was Identified

Subscribe to our newsletter

Latest Articles

Minerva Armor Customer Testimonial – Baron Capital

Recorded Webinar – Ransomware Simulation Demo

Minerva Armor Customer Testimonial – Motorola Mobility

What Makes Ransomware so Different from other Cyber Attacks?

Extending Security Services for MSP customers

See the Minerva Armor Platform in Action!

Emotet Malspam Blocked Even Before It Was Identified

Subscribe to our newsletter

Latest Articles

Minerva Armor Customer Testimonial – Baron Capital

Recorded Webinar – Ransomware Simulation Demo

Minerva Armor Customer Testimonial – Motorola Mobility

What Makes Ransomware so Different from other Cyber Attacks?

Extending Security Services for MSP customers

Related Articles

VIDEOS

Minerva Armor Customer Testimonial – Baron Capital

WEBINARS

Recorded Webinar – Ransomware Simulation Demo

VIDEOS

Minerva Armor Customer Testimonial – Motorola Mobility

See the Minerva Armor Platform in Action!