Emotet Resurgence Packs In New Binaries, Trickbot Functions

Emotet Resurgence Packs In New Binaries, Trickbot Functions (Nov 6, 2019)

Emotet, a banking Trojan first discovered in 2014 has returned with upgraded functions. Researchers at Proofpoint determined that between January and March 2019, Emotet accounted for almost two-thirds of all phishing payloads. With an uptick in activity, a number of changes have been seen in the malware’s deployment and functionality. Multiple functions have been added to Emotet that are also seen in TrickBot, such as an API call resolution and other obfuscation techniques. Other changes to the Emotet main payload are minor including Command and Control (C2) lists and RSA keys.

Recommendation: Users should be educated on the risks of phishing, specifically, how to identify such attempts and whom to contact if a phishing attack is identified. Emails that request that the recipient follow a link or open an attachment can often be indicative of a phishing attack. Always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe).

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.