Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
The Emotet malware has experienced a resurgence in popularity even though it is not open-source software. When a TLS connection is established with an Emotet server, the attacker might be able to maintain a persistent presence on your network, steal user credentials, and spread malware across the network with a self-replicating worm.
Kill Chain
Risk Score
83
Emotet is malware known for stealing credentials, installing other malware packages, and infecting email accounts to spam contacts with malicious emails. Emotet targets Windows environments and is commonly distributed through email phishing campaigns. When a user clicks on a phishing link, a stager downloads and runs the Emotet malware to establish a connection with an attacker-controlled C&C server over HTTPS. If the Emotet malware is successfully installed, it can attempt to brute force passwords, collect credentials, or distribute other malware packages. Emotet will then access available email contacts and turn the device into a spambot that sends frequent emails containing malicious attachments or links to infect other machines.
