Emansrepo Stealer Multi-Vector Attack Chains

A Python infostealer named Emansrepo has been observed since November 2023, distributed via phishing emails containing fake purchase orders and invoices. The malware steals browser data, credit card information, and files, sending them to the attackers' email. The attack chain has evolved, becoming more complex, with multiple stages before downloading Emansrepo. Three main attack chains are described, involving HTML files, AutoIt scripts, and PowerShell commands. The stealer's behavior is divided into three parts, each targeting different types of data. A new related campaign using Remcos malware has also been identified. The attackers continuously evolve their methods, emphasizing the importance of cybersecurity awareness for organizations.