This repository contains documents relating to a malware analysis conducted on 8/3/2020. The analysis was conducted for the purpose of finding correlations in attack patterns being observed against a specific target to see if any of the attacks are related.
- These samples were obtained via fake email accounts.
- The email account which sent the sample was not trusted by the recipient.
- The email did not get caught by any spam or virus protection.
- Most malicious samples have been removed and replaced with their hash values for security reasons.
- The original email attachment is included under "\Malicious_Dropper\MALWARE_SAMPLE_8-3-2020.zip."
- The machine used is a Windows 7 Professional SP1 Build 7601 on bare-metal.
- The username used was ADMIN.
- The hostname used was SANDY.
- All indicators of compromise detected were identified as belonging to the Emotet family of Trojan.
- Emotet is a versatile trojan initially designed for information theft, remote persistence, ransomware delivery, and botnet management.
- Emotet propagates primarily through infected email attachments and phishing campaigns.
- I do not believe this campaign is part of an attack aimed at a specific organization.
- I believe the attackers are spraying malicious email attachments at known U.S. manufacturing companies.
- I believe the attackers will indiscriminately send malicious emails to any address they find.
- The technological complexity of the dropper was slightly Above Average.
- The technological complexity of the payload was Average.
- The social engineering complexity of this campaign was Negligible.
- This campaign primarily relies on human elements to infect a target rather than technical vulnerabilities.
- Organizational commitment to training.
- Due diligence on an individual level.
- Email address whitelisting or email domain blacklisting.