The Emotet malware operation is again spamming malicious emails after an almost five-month “vacation” that saw little activity from the notorious cybercrime operation.
Emotet is a malware infection distributed through phishing campaigns containing malicious Excel or Word documents.
Researchers from the Emotet research group Cryptolaemus reported that at approximately 4:00 AM ET on November 2nd, the Emotet operation suddenly came alive again, spamming email addresses worldwide.
The Emotet malware is downloaded as a DLL into multiple randomly named folders under %UserProfile%\AppData\Local, as shown below.
Madjar told BleepingComputer that today’s Emotet infections have not begun dropping additional malware payloads on infected devices.
In the past, Emotet was known for installing the TrickBot malware and, more recently, Cobalt Strike beacons.