Emotet Banking Trojan

Emotet reaches a victim PC through an email that contains either a malicious link leading to a downloader document or a malicious document attached directly. Either PowerShell or JavaScript is used to download the Trojan, which delivers a packed payload file to the victim machine. Once on a machine, the latest version of Emotet:

1. Moves itself to its preferred directory
2. Creates a LNK file pointing to itself in the start-up folder
3. Collects victim machine information and sends it to the C&C server

It can then download any new payloads from the C&C server and execute them. Emotet can download an updated version of itself, or any other threat. Existing versions of Emotet download modules from the C&C server that include:
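The start-up LNK in step 2 is the part of this chain a defender can audit cheaply. The following PowerShell is an added example, not code from the original post: it resolves every `.lnk` in the per-user and all-users Startup folders through the `WScript.Shell` COM object and flags shortcuts whose target lies outside the usual program directories. The list of "trusted" prefixes is an assumption chosen for illustration; the page names no specific paths or file names for Emotet's preferred directory.

```powershell
# Added example (not from the original post). Heuristic audit of Startup-folder
# shortcuts: any .lnk whose target is outside the trusted prefixes is reported as
# suspicious. The trusted prefixes are an assumption, not something the page states.
function Get-StartupShortcutAudit {
    [CmdletBinding()]
    param(
        # Directories a legitimately installed startup entry is expected to point into.
        [string[]]$TrustedPrefixes = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot)
    )

    $startupFolders = @(
        [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
        [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
    )
    $prefixes = $TrustedPrefixes | Where-Object { $_ }   # drop empty entries (32-bit hosts)
    $shell = New-Object -ComObject WScript.Shell

    foreach ($folder in $startupFolders) {
        $links = Get-ChildItem -Path $folder -Filter '*.lnk' -File -ErrorAction SilentlyContinue
        foreach ($lnk in $links) {
            $shortcut = $shell.CreateShortcut($lnk.FullName)
            $target   = $shortcut.TargetPath
            $trusted  = $false
            foreach ($prefix in $prefixes) {
                if ($target -and $target.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
                    $trusted = $true
                }
            }
            [PSCustomObject]@{
                Shortcut   = $lnk.FullName
                Target     = $target
                Arguments  = $shortcut.Arguments
                Created    = $lnk.CreationTime
                Suspicious = (-not $trusted)
            }
        }
    }
}

# Usage: list every startup shortcut, suspicious ones first.
Get-StartupShortcutAudit | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A shortcut pointing into a user-writable location such as `%APPDATA%` or `%TEMP%`, created around the time of the suspected phishing email, is the pattern to look for. Startup shortcuts are only one persistence route, so this audit complements, rather than replaces, a review of the usual Run registry keys and scheduled tasks.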

1. Banking module: This module intercepts network traffic from the browser to steal banking details entered by the user.
2. Email client infostealer module: This module steals email credentials from email client software.
3. Browser infostealer module: This module steals information such as browsing history and saved passwords.
4. PST infostealer module: This module reads through Outlook’s message archives and extracts the sender names and email addresses.

Due to the way Emotet spreads through a company’s network, any infected machine on the network will re-infect machines that have been previously cleaned when they rejoin the network. Therefore, IT teams need to isolate, patch, and remediate each infected system one-by-one. Cleaning an affected network is a procedure that can take a long time—sometimes even months—depending on the number of machines involved.

Administrators need to disable Admin$ access and change all local and administrator passwords.
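For the Admin$ step, the PowerShell below is an added example, not code from the original post. It reports the default administrative shares that are live on a host and stops Windows from re-creating them, using the `AutoShareWks` (workstation) and `AutoShareServer` (server) values under the LanmanServer parameters key. It assumes an elevated session on Windows 8 / Server 2012 or later, where the `SmbShare` module is available; the password change the post also calls for is a separate step and is not scripted here.

```powershell
# Added example (not from the original post). Report and disable the default
# administrative shares (ADMIN$, C$, D$, ...). Assumes an elevated session with the
# SmbShare module available. IPC$ is deliberately left alone: removing it breaks
# ordinary SMB operation rather than just remote administration.
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-AdminShareStatus {
    $shares = Get-SmbShare | Where-Object { $_.Special -and $_.Name -match '^(ADMIN|[A-Z])\$$' }
    $props  = Get-ItemProperty -Path $LanmanParams -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        ActiveAdminShares = @($shares | ForEach-Object { $_.Name })
        AutoShareWks      = $props.AutoShareWks      # $null means "not set", which Windows treats as enabled
        AutoShareServer   = $props.AutoShareServer
    }
}

function Disable-AdminShares {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # 1. Stop the shares from being re-created the next time the Server service starts.
    foreach ($name in 'AutoShareWks', 'AutoShareServer') {
        if ($PSCmdlet.ShouldProcess("$LanmanParams\$name", 'Set to 0')) {
            New-ItemProperty -Path $LanmanParams -Name $name -Value 0 -PropertyType DWord -Force | Out-Null
        }
    }

    # 2. Remove the shares that are live right now; the registry change alone
    #    does not take effect until the Server service restarts.
    foreach ($share in (Get-AdminShareStatus).ActiveAdminShares) {
        if ($PSCmdlet.ShouldProcess($share, 'Remove SMB share')) {
            Remove-SmbShare -Name $share -Force
        }
    }
}

# Usage: inspect, preview the change, apply it, then confirm nothing is left.
Get-AdminShareStatus
Disable-AdminShares -WhatIf
Disable-AdminShares
Get-AdminShareStatus
```

Removing ADMIN$ also stops legitimate remote-administration tooling that copies binaries over that share, including some patch and software deployment tools, so schedule this with whoever owns those tools. On its own it does not help if the same local administrator password is reused across the fleet, which is why the post pairs it with a password change.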

Max Total Security can detect and remove this Trojan.
