New Emotet campaign

Emotet typically spreads through phishing emails that contain malicious attachments or links. When a user opens the attachment or clicks on the link, the malware infects the system and begins to spread to other computers on the network.

Once it has infected a system, Emotet can steal sensitive information such as email credentials, passwords, and financial information. It can also download and install additional malware onto the infected system, which can be used to further compromise the security of the network.

Emotet has been responsible for a number of high-profile attacks on businesses and organizations around the world, and it is considered to be one of the most dangerous types of malware in existence. It is important to take steps to protect your systems against Emotet and other types of malware, such as by keeping your antivirus software up-to-date and educating employees about how to avoid phishing scams.

Emotet emails so far have zip attachments containing inflated Word documents (500+ MB) with macros for Emotet.
The Word macros retrieve zip archives which contain inflated 64-bit DLL files (500+ MB) for Emotet.
Aside from the inflated Word docs and inflated DLL files, the infection patterns are similar to Emotet before its haitus.

INFECTION CHAIN:

- Email --> zip attachment --> 500+ MB Word doc --> enable macros --> download zip --> 500+ MB DLL from zip --> Emotet C2