Emotet: Dissecting the Info Stealing Trojan That Keeps Going

Webinar Registration

Emotet is a fascinating piece of malware for many reasons. US-CERT describes Emotet as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting … governments, and the private and public sectors.”

The first thing that strikes you about Emotet is how long it’s been around. It’s like the Energizer Bunny – it just keeps going. It showed up more or less in 2014 and is still going strong. Being polymorphic helps, because the bytes of each sample are always changing and signature-based detection is always a step behind. But other malware does that too, so there is more to it than that. The group behind Emotet takes code obfuscation very seriously – even implementing its main control flow as a state machine. I’ll explain what that means and how it benefits Emotet in this real training for free event.
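To make “control flow as a state machine” concrete, here is an added illustration of the technique (usually called control-flow flattening). This is not Emotet’s code: the checksum function, the state numbering and the constants are all constructed for this example. The plain version is written the way a compiler and a reverser expect; the flattened version does the same computation, but every basic block becomes a case of one switch and the “next block” lives in a state variable.

```c
/* Control-flow flattening, as an added illustration of the state-machine
 * control flow described above. Constructed example, not Emotet's code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Plain version: a small FNV-style checksum with an ordinary loop, branch
 * and return. A decompiler recovers this structure directly. */
uint32_t checksum_plain(const uint8_t *buf, size_t len)
{
    uint32_t acc = 0x811C9DC5u;
    for (size_t i = 0; i < len; i++) {
        acc ^= buf[i];
        acc *= 0x01000193u;
        if (buf[i] == '\n')                     /* extra mixing on newlines */
            acc = (acc << 5) | (acc >> 27);
    }
    return acc ^ (uint32_t)len;
}

/* Flattened version: same computation. The loop, the if and the return no
 * longer appear as edges in the control-flow graph; every case jumps back
 * to the dispatcher, so the static graph is a star. The real block order
 * is only recoverable by tracking the values assigned to `state`, which
 * are deliberately non-sequential so they cannot be read off as steps. */
uint32_t checksum_flattened(const uint8_t *buf, size_t len)
{
    uint32_t acc = 0;
    uint32_t state = 0x5A3C;                    /* arbitrary entry state id */
    size_t i = 0;
    uint8_t b = 0;

    for (;;) {
        switch (state) {
        case 0x5A3C:                            /* entry: initialise */
            acc = 0x811C9DC5u;
            i = 0;
            state = 0x1F07;
            break;
        case 0x1F07:                            /* loop test */
            state = (i < len) ? 0x2BE4 : 0x7D10;
            break;
        case 0x2BE4:                            /* loop body: mix one byte */
            b = buf[i];
            acc ^= b;
            acc *= 0x01000193u;
            state = (b == '\n') ? 0x33A9 : 0x4C51;
            break;
        case 0x33A9:                            /* conditional rotate */
            acc = (acc << 5) | (acc >> 27);
            state = 0x4C51;
            break;
        case 0x4C51:                            /* loop increment */
            i++;
            state = 0x1F07;
            break;
        case 0x7D10:                            /* exit */
            return acc ^ (uint32_t)len;
        default:                                /* unreachable; keeps switch total */
            return 0;
        }
    }
}

int main(void)
{
    /* Constructed sample input: a few bytes including a newline. */
    const uint8_t sample[] = { 'M', 'Z', 0x90, '\n', 'h', 'i', '\n' };
    size_t n = sizeof sample;
    printf("plain     = 0x%08X\n", checksum_plain(sample, n));
    printf("flattened = 0x%08X\n", checksum_flattened(sample, n));
    return checksum_plain(sample, n) == checksum_flattened(sample, n) ? 0 : 1;
}
```

Both functions return identical values for every input; the difference is purely in what a disassembler sees. In the plain version the `if` and the loop back-edge are visible as two or three basic blocks with obvious structure. In the flattened version there is one dispatcher and six leaf blocks with no direct edges between them, so recovering the original algorithm means symbolically tracking `state` through every assignment, and re-randomising those state ids in each build is cheap for the author and expensive for the analyst.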

The authors of Emotet show a level of professional rigor you don’t see in most malware, along with a commitment to maintainability. For one thing, they make heavy use of open source code instead of constantly reinventing the wheel. The software gained its initial fame because it used lower-level network APIs, rather than browser functions, to steal credentials. The notable aspects of Emotet’s code go on and on.

But it’s not just its programmers that make Emotet interesting. The operations team behind the infection campaigns and their command and control infrastructure is also interesting. Again, you see a level of professionalism, effectiveness and innovation that you just don’t encounter often. For instance, Emotet and the group behind it are moving towards automating aspects of social engineering, which has traditionally been a very manual effort. Emotet scrapes a victim’s mailbox to harvest organizational context such as email signatures and message templates. This information can then be reused to make primary and secondary phishing emails look more legitimate.

In this webinar, we will show you how Emotet works, what you can do to detect and defend against Emotet, and more importantly what you can learn and do strategically. After all, Emotet is only one malware among many.

We will look at how Emotet first gets started at an organization, including the types of emails usually sent to victims, how the initial infection works, how it gains persistence, and then how it downloads and runs additional modules.

Our overall agenda for this Emotet analysis event includes:

  • Why Emotet is so prevalent today and why it has been around for so long
  • Technical discussion of how Emotet works and what it is designed to achieve
    • polymorphic
    • info stealer
    • dropper
    • spreading capabilities
  • Impact and damage caused by Emotet
  • Detection and defense

Joining me is Security Researcher Emily Hacker from our sponsor DomainTools. Emily studies malware, and after helping me take you on this Emotet deep dive, she will briefly show you how to research Emotet’s infrastructure and capabilities using DomainTools Iris.

Please join us for this real training for free session.


Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.
