Reborn of Emotet: New Features of the Botnet and How to Detect it

One of the most dangerous and infamous threats is back again. In January 2021, global law enforcement took down the botnet by pushing a destructive update to Emotet's executables, and it looked like the end of the trojan's story.

But the malware never ceased to surprise.

In November 2021, it was reported that TrickBot no longer works alone and now delivers Emotet. ANY.RUN, together with colleagues in the industry, was among the first to notice the emergence of Emotet's malicious documents.

This February, we are seeing a very active wave, with crooks running numerous attacks and Emotet hitting the top of the rankings. If you are interested in this topic or are researching malware, you can make use of ANY.RUN, the interactive sandbox for the detection and analysis of cyber threats.

Let's look at the changes this disruptive malware has brought with its new version.

Emotet history

Emotet is a sophisticated, constantly changing modular botnet. In 2014 the malware was just a trivial banking trojan. Since then it has acquired different features, modules, and campaigns:

  • 2014. Money transfer, mail spam, DDoS, and address book stealing modules.
  • 2015. Evasion functionality.
  • 2016. Mail spam, RIG 4.0 exploit kit, delivery of other trojans.
  • 2017. A spreader and address book stealer module.

Its polymorphic nature and numerous modules allow Emotet to avoid detection. The team behind the malware constantly changes its tactics, techniques, and procedures to render existing detection rules useless. Read more:
