What’s up Emotet?
ID: b386c998-5521-5f4a-9dd8-f6f5473592e3
STIX ID: report--b386c998-5521-5f4a-9dd8-f6f5473592e3
Feed Name: CERT Polska
This report analyzes the Emotet malware family. It documents recent changes in obfuscation and communication (VM-like control-flow obfuscation, encrypted strings and RSA-encrypted AES keys, a custom binary protocol with AES-CBC and SHA-1 integrity, new compression and multipart/form-data exfiltration), covers C2 storage and path generation, and provides sample hashes and packet/register dissections to aid detection and research.
