Symbol: js.unidentified_003

Unidentified JS 003 (Emotet Downloader)

Actor(s): MUMMY SPIDER


According to Max Kersten, Emotet is dropped through a multi-stage procedure. The first stage is an Office file that contains a macro. This macro then loads the second stage, which is either a PowerShell script or a piece of JavaScript; the JavaScript variant is this family entry.

References
2020-04-14, Max Kersten: Emotet JavaScript downloader. https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-javascript-downloader/

There is no YARA signature yet.