Emotet Downloader Document Uses Regsvr32 for Execution
Malware and Vulnerabilities
August 02, 2022
Security Boulevard
Obfuscated Excel macros are used to download and run the Emotet loader. The Emotet loader is executed using regsvr32.exe. A Windows service is used for Emotet payload persistence.
Emotet attack
Malware Downloader
Regsvr32
Excel macros
Persistence Technique