U.S. Internal Revenue Service Themed Phishing Campaign Delivers Emotet

Internal Revenue Service (IRS) is a federal tax administration and collection agency.
In early November, Threat actors sent a phishing email that appeared to be from United States IRS.
This phishing email was discovered by FortiGuard and had been sent by Emotet group using a compromised email account in Pakistan.
This Email consists of two attachments with the subject "IRS Tax Forms K-1" and requires a password to unpack.

The file copies itself into the "Templates" directory and later relaunches the file.
It consists of a malicious Excel 4.0 macro that executes within a workbook that isn't protected and contains URL fragments that download additional payloads.
Emotet payload is downloaded via regsvr32.exe using the command "%WINDIR%System32regsvr32.exe /S ..oxnv[n].ooccxx".
Emotet is a DLL file that utilizes anti-analysis/debugging method and has over 270 export functions.
After Emotet is running, It tries to contact C2 server nodes.