Emotet Malware

 

Systems Affected


Network Systems

Threat Level


High


Overview


Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Its worm-like spreading features let an infection propagate rapidly across an entire network, which makes it costly and destructive and difficult to contain.


Description


Emotet spreads through phishing emails that carry either a malicious attachment or a link to a malicious document; opening the document downloads the Emotet payload. Once downloaded, the payload checks whether it is running in a sandbox environment. If it detects a sandbox, it does not proceed further.

If no sandbox is detected, execution continues. To maintain persistence, Emotet injects code into explorer.exe and other running processes. It also collects system information, including the system name, location and operating system version, and then establishes a connection to its command and control (C2) server. Once the connection is established, it reports the new infection, receives configuration data, downloads and runs files, receives instructions, and uploads data to the C2 server.

Emotet establishes persistence and attempts to propagate across the local network through its incorporated spreader modules. Currently, Emotet uses five known spreader modules: NetPass.exe, WebBrowserPassView, Mail PassView, an Outlook scraper, and a credential enumerator.
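As an added example (not code from this advisory or from US-CERT), the following Python script scans Sysmon Event ID 8 (CreateRemoteThread) records for the injection behaviour described above: a binary running from a user-writable location creating a remote thread in explorer.exe. The pipe-separated record layout, the sample records, and the extension of the target list beyond explorer.exe (svchost.exe, lsass.exe, winlogon.exe, which Emotet and similar droppers also commonly inject into) are assumptions made for this example.

```python
"""Detect suspicious remote-thread injection into explorer.exe and similar hosts.

Added example, not Sri Lanka CERT's or US-CERT's code. It assumes a flat,
pipe-separated export of Sysmon Event ID 8 records with the fields
  event_id|SourceImage|TargetImage|User
(field names follow Sysmon; the export format and sample data are constructed).
"""
import re
from dataclasses import dataclass

# Paths an ordinary user can write to; a legitimate injector rarely lives here.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\(Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)"
    r"|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)

# explorer.exe is the target named in the advisory; the others are an assumption
# (common injection targets for persistence and credential theft).
SENSITIVE_TARGETS = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}

# Constructed sample records (not real telemetry): event_id|SourceImage|TargetImage|User
SAMPLE_EVENTS = """\
8|C:\\Windows\\System32\\csrss.exe|C:\\Windows\\explorer.exe|NT AUTHORITY\\SYSTEM
8|C:\\Users\\alice\\AppData\\Local\\Temp\\invoice_2018.exe|C:\\Windows\\explorer.exe|CORP\\alice
8|C:\\Program Files\\Vendor\\agent.exe|C:\\Windows\\System32\\svchost.exe|NT AUTHORITY\\SYSTEM
8|C:\\Users\\bob\\Downloads\\report.exe|C:\\Windows\\System32\\lsass.exe|CORP\\bob
1|C:\\Windows\\System32\\cmd.exe|-|CORP\\alice
"""


@dataclass
class Alert:
    source: str
    target: str
    user: str
    reason: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_event(line: str):
    """Return (source, target, user) for an Event ID 8 record, else None."""
    parts = line.split("|")
    if len(parts) != 4 or parts[0] != "8":
        return None
    return parts[1], parts[2], parts[3]


def detect_injection(records: str) -> list:
    """Flag remote threads created in sensitive processes by user-writable binaries."""
    alerts = []
    for line in records.splitlines():
        parsed = parse_event(line.strip())
        if parsed is None:
            continue
        source, target, user = parsed
        if basename(target) not in SENSITIVE_TARGETS:
            continue
        # System binaries such as csrss.exe legitimately create threads in
        # explorer.exe; only a source in a user-writable path is suspicious.
        if USER_WRITABLE.match(source):
            alerts.append(Alert(source, target, user,
                                f"remote thread into {basename(target)} from user-writable path"))
    return alerts


if __name__ == "__main__":
    for alert in detect_injection(SAMPLE_EVENTS):
        print(f"[ALERT] {alert.user}: {alert.source} -> {alert.target} ({alert.reason})")
```

Run against the constructed records, the script reports the two injections from Temp and Downloads and ignores the csrss.exe and vendor-agent threads; in production the records would come from a SIEM export and the target list should be tuned to the environment's own legitimate injectors.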


Impact


  • Temporary or permanent loss of sensitive or proprietary information
  • Disruption to regular operations
  • Financial losses incurred to restore systems and files
  • Harm to the organization's reputation.


Solution/ Workarounds


Recommended mitigations for Emotet (drawn from US-CERT alert TA18-201A, listed under References):

  ✻  Block email attachments with extensions commonly associated with malware (e.g. .dll, .exe) and attachments that cannot be scanned by antivirus software (e.g. .zip), and implement filters at the email gateway for known malspam indicators.
  ✻  Use a Group Policy Object to set a Windows Firewall rule restricting inbound SMB communication between client systems, to limit lateral movement by the spreader modules.
  ✻  Run antivirus software with automatic updates on clients and servers, and apply operating system and application patches through a formal patch-management process.
  ✻  Block suspicious IP addresses at the firewall, and segment and segregate networks and functions.
  ✻  Adhere to the principle of least privilege, and implement DMARC to reduce spoofed mail reaching users.
  ✻  Mark external emails with a banner and train staff to report suspicious emails rather than open attachments or follow links.
  ✻  If a host is infected, isolate it from the network immediately, reimage it, and reset all credentials used on it, since Emotet harvests stored passwords.
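As an added example (not the advisory's or US-CERT's code), the following Python script applies an email-gateway attachment policy to a message constructed inline: it rejects attachments whose extension is commonly used to deliver malware or whose archive type cannot be scanned, and, as an assumption that goes beyond the advisory's list, quarantines macro-capable Office documents for review rather than delivering them. The extension sets, the verdict names and the sample message are assumptions made for this example.

```python
"""Email-gateway attachment policy check for Emotet-style malspam.

Added example, not Sri Lanka CERT's or US-CERT's code. The extension sets are
assumptions chosen to reflect the advisory's recommendation to block executable
attachments and archives that cannot be scanned; the sample message is constructed.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions commonly used as droppers (assumption; extend to local policy).
BLOCKED_EXTENSIONS = {"exe", "dll", "scr", "js", "jse", "vbs", "bat", "cmd", "ps1", "hta"}
# Archive types a gateway antivirus typically cannot inspect when password-protected.
UNSCANNABLE_ARCHIVES = {"zip", "rar", "7z"}
# Office formats that can carry macros; quarantined for review (assumption).
MACRO_CAPABLE = {"doc", "xls", "ppt", "docm", "xlsm", "pptm"}


def build_sample_message() -> bytes:
    """Construct a sample malspam-like message with mixed attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example-invoices.test"
    msg["To"] = "alice@example.test"
    msg["Subject"] = "Invoice 4471 attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="octet-stream", filename="invoice_4471.exe")
    msg.add_attachment(b"PK constructed", maintype="application",
                       subtype="zip", filename="scan.zip")
    msg.add_attachment(b"\xd0\xcf\x11\xe0 constructed", maintype="application",
                       subtype="msword", filename="Invoice_4471.doc")
    return msg.as_bytes()


def classify_attachment(filename: str) -> str:
    """Return 'block', 'quarantine' or 'allow' for an attachment file name.

    Only the final extension counts, so 'invoice.pdf.exe' is treated as .exe.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in BLOCKED_EXTENSIONS or ext in UNSCANNABLE_ARCHIVES:
        return "block"
    if ext in MACRO_CAPABLE:
        return "quarantine"
    return "allow"


def evaluate_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and classify every attachment by file name."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        verdicts[name] = classify_attachment(name)
    return verdicts


def gateway_decision(verdicts: dict) -> str:
    """Collapse per-attachment verdicts into one action for the whole message."""
    if "block" in verdicts.values():
        return "reject"
    if "quarantine" in verdicts.values():
        return "quarantine"
    return "deliver"


if __name__ == "__main__":
    verdicts = evaluate_message(build_sample_message())
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
    print("decision:", gateway_decision(verdicts))
```

The check is deliberately name-based so it runs before any content scanning; in a real gateway it should sit in front of antivirus scanning, and a blocked extension inside a nested archive or a renamed file would still need content inspection to catch.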


References


https://www.us-cert.gov/ncas/alerts/TA18-201A
http://www.cert-in.org.in/
https://www.zdnet.com/article/banking-malware-finds-new-life-spreading-data-stealing-trojan/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.