In zvelo’s effort to support the cybersecurity community with valuable knowledge and learning resources, the zveloCTI cybersecurity team has put together an instructional video and an accompanying PDF document. Presented by one of zvelo’s top Senior Malicious Detection Researchers, Mario Samolis, this hour-long video walks through a step-by-step deconstruction of the Emotet malicious code hidden in a Word document. The video and accompanying document are meant to provide a practical, defender’s-perspective example of Emotet’s initial infection mechanisms and how to better protect your organization against them.
Once a banking trojan, Emotet has evolved into a modular threat which can be deployed standalone, or used to make the initial entry into a network and then deploy other malware strains. Until the recent international takedown coordinated by Interpol, Emotet was one of the most prevalent threats seen across the globe. Its operators often worked in conjunction with other adversaries to conduct complex, multi-staged attacks against users, either to gain access to financial information or to deploy destructive payloads such as the Ryuk ransomware. For now, the criminals behind Emotet seem to have gone to ground, possibly to reorganize and develop yet another version of their malware, as they have done numerous times in the past.
Since there is no guarantee on when, or if, Emotet will return, defenders must continue to practice good cyber hygiene, understand their threat landscape, continue to recognize the signs of an attack, and learn how to rapidly remediate a perceived threat.
We recommend downloading the PDF version of the Emotet document analysis and following along as you watch the video.