Emotet is a Trojan that is primarily spread through spam emails. The infection may arrive via a malicious script, a macro-enabled document file, or a malicious link.
Emotet was first identified in 2014 as a relatively simple trojan for stealing banking account credentials. Within a year or two, it had reinvented itself as a formidable downloader (dropper) that, after infecting a PC, installed other malware. Its notable capabilities include:
The ability to spread to nearby Wi-Fi networks
Hard to detect as malicious
Fileless infections, such as PowerShell scripts, that also make post-infection activity difficult to detect
Worm-like features that steal administrative passwords and use them to spread throughout a network
Emotet Malware
The Emotet malware operation is back in business. After a short break, a recent phishing campaign is looking for new victims to infect, combining some old-school techniques with tricks to get around Microsoft's security controls.
How it works:
The Emotet operators send a maliciously crafted email that is a spoofed reply to a legitimate, existing email thread.
After Emotet infects a system, it collects email messages from the local system and uploads them to the attacker.
The attacker then sends, from an attacker-controlled email account, a spoofed email that reuses the content of the legitimate email chain.
The victim receives a phishing email that appears to be a reply to a previous legitimate email exchange. This phishing campaign uses Microsoft Excel files with malicious macros (automated code) to infect the system.
Note: Microsoft Office opens documents downloaded from the web in Protected View, so this particular process requires the user to take additional steps before the malicious macros can run.
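As an added example (not code from this page or from the referenced Unit 42 write-up), the Python below triages a mailbox for the reply-chain hijacking described above: it flags a "reply" whose sender never appeared among the participants of the thread it references, notes when the display name matches a real participant while the address differs, and lists any macro-capable Office attachment the message carries. The mailbox, addresses and domains are constructed sample data; the extension list and the heuristics themselves are assumptions a defender would tune to local policy.

```python
"""Triage heuristic for Emotet-style reply-chain (thread) hijacking.
Added example; assumes a mailbox is available as raw RFC 5322 text.
All messages, addresses and domains below are constructed sample data."""
from email import message_from_string
from email.message import Message
from email.utils import getaddresses, parseaddr

# Attachment extensions that can carry macros (assumption: tune to local policy).
MACRO_EXTENSIONS = (".xls", ".xlsm", ".xlsb", ".doc", ".docm")

# Constructed thread: two legitimate messages, then a spoofed "reply" from an
# outside domain that reuses a participant's display name, references the real
# chain and attaches a spreadsheet.
LEGIT_1 = """\
From: Alice Smith <alice@example.com>
To: Bob Jones <bob@partner.example>
Subject: Q3 invoice
Message-ID: <1@example.com>

Hi Bob, the invoice details are below.
"""

LEGIT_2 = """\
From: Bob Jones <bob@partner.example>
To: Alice Smith <alice@example.com>
Subject: RE: Q3 invoice
Message-ID: <2@partner.example>
In-Reply-To: <1@example.com>
References: <1@example.com>

Thanks Alice, received.
"""

HIJACKED_REPLY = """\
From: Alice Smith <alice@attacker-controlled.example>
To: Bob Jones <bob@partner.example>
Subject: RE: RE: Q3 invoice
Message-ID: <3@attacker-controlled.example>
In-Reply-To: <2@partner.example>
References: <1@example.com> <2@partner.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Bob, the updated sheet is attached. Enable editing to view it.
--b1
Content-Type: application/vnd.ms-excel; name="invoice_update.xls"
Content-Disposition: attachment; filename="invoice_update.xls"

not-a-real-spreadsheet
--b1--
"""

SAMPLE_MAILBOX = [LEGIT_1, LEGIT_2, HIJACKED_REPLY]


def _email_domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def thread_participants(msg: Message, by_id: dict) -> set:
    """(display name, address) pairs from From/To/Cc of every earlier message
    this one references via In-Reply-To or References."""
    people = set()
    refs = (msg.get("References", "") + " " + msg.get("In-Reply-To", "")).split()
    for ref in refs:
        prior = by_id.get(ref)
        if prior is None:
            continue  # referenced message not in our mailbox; nothing to compare
        for header in ("From", "To", "Cc"):
            for name, addr in getaddresses(prior.get_all(header, [])):
                if "@" in addr:
                    people.add((name.strip().lower(), addr.lower()))
    return people


def macro_capable_attachments(msg: Message) -> list:
    """Filenames of attached parts whose extension can carry macros."""
    return [part.get_filename() for part in msg.walk()
            if part.get_filename()
            and part.get_filename().lower().endswith(MACRO_EXTENSIONS)]


def triage(raw_messages: list) -> dict:
    """Map Message-ID -> list of reasons for every reply that looks hijacked."""
    msgs = [message_from_string(raw) for raw in raw_messages]
    by_id = {m["Message-ID"]: m for m in msgs}
    findings = {}
    for m in msgs:
        people = thread_participants(m, by_id)
        if not people:
            continue  # not a reply to any thread we know about
        name, addr = parseaddr(m.get("From", ""))
        name, addr = name.strip().lower(), addr.lower()
        reasons = []
        if _email_domain(addr) not in {_email_domain(a) for _, a in people}:
            reasons.append("sender domain never appeared in the thread it replies to")
        if any(n == name and a != addr for n, a in people if n):
            reasons.append("display name matches a thread participant but the address differs")
        if reasons:  # thread anomaly present; attachments raise the priority
            for filename in macro_capable_attachments(m):
                reasons.append(f"macro-capable Office attachment: {filename}")
            findings[m["Message-ID"]] = reasons
    return findings


if __name__ == "__main__":
    for message_id, reasons in triage(SAMPLE_MAILBOX).items():
        print(message_id, "->", "; ".join(reasons))
```

Run as a script it prints only the third message, with all three reasons. The heuristic deliberately stays silent when the referenced messages are not in the local mailbox, since there is then nothing to compare the sender against; in a real deployment the mailbox lookup would be backed by the mail store or gateway logs rather than an in-memory list.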
Reference:
https://unit42.paloaltonetworks.com/emotet-thread-hijacking/