Emotet is malware that was originally designed as a banking trojan but today is used mainly as infrastructure for deploying other malware.
There have been partnerships with other actors in the past, such as Trickbot, which used Emotet extensively to support its own infections, often leading to Ryuk ransomware attacks.
Although Emotet was shut down by the authorities in January 2021, it was back up and running again in November 2021. Today Emotet is very active and constantly evolving to improve both its delivery mechanisms and its evasion of defensive capabilities.
Based on the studies carried out by our Threat Hunting team, Emotet can currently deploy the following capabilities or modules:
- Sending emails with malicious attachments.
- A module implementing various lateral movement techniques.
- Modules to recover passwords the victim uses in different applications (mainly email clients and web browsers).