The PolySwarm Blog


Emotet's Christmas-themed phishing email ramps up - get hashes and file details in PolySwarm

Dec 18, 2019 11:04:51 AM / by PolySwarm Team

Cybercriminals behind Emotet, one of the most prolific botnets in recent history, have ramped up a new Christmas-themed phishing attack. It lures victims to download malicious attachments related to "menus" for an upcoming Christmas party.

***

See the hashes, which engines are detecting them, and other details in PolySwarm:

Party Menu.doc -> https://polyswarm.network/scan/results/file/c8af63a2812c5103a1cb5cc3631576f4b51ed869cef7bd53f35f8c479f7f63c7

Christmas Party.doc -> https://polyswarm.network/scan/results/file/ed7ed7ad748f0cdfb6f2e13b9b5736e17ed595eb4e69b681d35cd96fcfdb5508 

***

By using subject lines like “Christmas” or “Christmas Party”, the attackers are clearly tapping into the timeliness of the holiday to get their victims to click.

One of the phishing emails reads as follows:

“I have attached the menu for the Christmas Party next week. If you would like bring something, look at the list and let me know. Don't forget to get your donations in for the money tree. Also, wear your tackiest/ugliest Christmas sweater to the party.”

Once the malware is installed, victims could be subject to ransomware downloads, spam and further phishing emails.

Emotet is well-known as a banking Trojan but appears to have new functionality as a malware loader, using victims as a malware distribution network.

***

Related dropper samples from this Christmas email phishing campaign, currently active:

Scan permalink: https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915

Scan permalink: https://polyswarm.network/scan/results/file/099d9114cf9b28c2283d5da4550cec51027a271f0773a2af0f45e9249ee2da81

Scan permalink: https://polyswarm.network/scan/results/file/e8d3e9d5d4c9257a079e4140d2a7806854440a260a933a0f46c2d3a1979ecc9b

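The PolySwarm permalinks above all carry the sample's SHA-256 in the URL path. The following script is an added example, not code from the post or from PolySwarm: it pulls those hashes out of the permalinks, rejects anything that is not a well-formed file permalink, and sweeps a directory for files whose SHA-256 matches one of them. The only hashes it uses are the ones listed in this post; the directory and "notes.txt" file in the demo are constructed on the fly, and a "hit" is simulated by adding that benign file's own hash to the IoC set, so no malicious content is ever written to disk.

```python
"""Extract SHA-256 IoCs from PolySwarm scan permalinks and sweep a directory for matches."""
import hashlib
import os
import re
import tempfile

# Permalinks exactly as they appear in the post (the hashes are the post's own values).
PERMALINKS = [
    "https://polyswarm.network/scan/results/file/c8af63a2812c5103a1cb5cc3631576f4b51ed869cef7bd53f35f8c479f7f63c7",
    "https://polyswarm.network/scan/results/file/ed7ed7ad748f0cdfb6f2e13b9b5736e17ed595eb4e69b681d35cd96fcfdb5508",
    "https://polyswarm.network/scan/results/file/dddaf3bbd35c1d05f9afdba0cc69769a4c00be4990970594e9642d00edf5a915",
    "https://polyswarm.network/scan/results/file/099d9114cf9b28c2283d5da4550cec51027a271f0773a2af0f45e9249ee2da81",
    "https://polyswarm.network/scan/results/file/e8d3e9d5d4c9257a079e4140d2a7806854440a260a933a0f46c2d3a1979ecc9b",
]

# A file permalink must end in exactly 64 lowercase hex characters (a SHA-256).
PERMALINK_RE = re.compile(r"^https://polyswarm\.network/scan/results/file/([0-9a-f]{64})$")


def extract_sha256(permalinks):
    """Return the set of SHA-256 hashes found in well-formed PolySwarm file permalinks.

    Malformed or truncated links are skipped rather than producing a bogus IoC."""
    found = set()
    for link in permalinks:
        match = PERMALINK_RE.match(link.strip())
        if match:
            found.add(match.group(1))
    return found


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large attachments don't have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep_directory(root, iocs):
    """Hash every regular file under root; return {path: sha256} for files matching an IoC."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                file_hash = sha256_of_file(path)
            except OSError:
                continue  # unreadable file: skip, don't abort the sweep
            if file_hash in iocs:
                hits[path] = file_hash
    return hits


def demo():
    """Constructed demo: one benign file in a temp dir, swept twice.

    The first sweep uses only the post's IoCs (expect no hits). The second adds the
    benign file's own hash to the IoC set to simulate a match without writing malware."""
    iocs = extract_sha256(PERMALINKS)
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "notes.txt")  # constructed sample file
        with open(benign, "w") as fh:
            fh.write("holiday party notes\n")
        clean_hits = sweep_directory(tmp, iocs)
        simulated_hits = sweep_directory(tmp, iocs | {sha256_of_file(benign)})
    return len(iocs), len(clean_hits), len(simulated_hits)


if __name__ == "__main__":
    ioc_count, clean, simulated = demo()
    print(f"{ioc_count} IoCs loaded; clean sweep hits={clean}; simulated sweep hits={simulated}")
```

To use it against a real mail-attachment quarantine, point `sweep_directory` at that path with the hashes from `extract_sha256(PERMALINKS)`; matching on SHA-256 catches exact copies of the listed samples only, so treat a clean sweep as "none of these specific files are present", not as proof the campaign has not reached you.
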
***

About PolySwarm: 

PolySwarm is a threat intelligence platform that focuses on new and emerging malware. It uses an open source, crowdsourced model where specialized individual experts and niche antivirus companies compete to detect 0-day threats in real-time to protect enterprises. Accuracy and early detection are rewarded, and the coverage of their anti-malware engines is combined into a single access point. Try it out at polyswarm.network. 