Learn about the cyber threats uncovered during the week of November 15, 2019.
FortiGuard Labs has released a new Adversary Playbook, which provides valuable information for detecting, understanding, and addressing recent iterations of Emotet.
Just a few days ago, FortiGuard Labs published a research blog about a fresh variant of Emotet. When I wrote that blog, I had not yet detected any further malicious actions from its C&C server. However, I have continued to monitor its connections, and I finally received three new modules from its C&C server.
This is the second part of FortiGuard Labs’ deep analysis of the new Emotet variant. In the first part of the analysis we demonstrated that by bypassing the server-side Anti-Debug or Anti-Analysis technique we could download three or four modules (.dll files) from the C&C server. In that first blog we only analyzed one module (I named it ‘module2’). In this blog, we’ll review how the other modules work. Here we go.