New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks
2022-10-10 13:10

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control infrastructure to escape detection, according to new research from VMware.

"The ongoing adaptation of Emotet's execution chain is one reason the malware has been successful for so long," researchers from VMware's Threat Analysis Unit said in a report shared with The Hacker News.

Emotet attack flows are also characterized by the use of different attack vectors in an attempt to stay covert for extended periods of time.

In January 2022 alone, VMware said it observed three different sets of attacks in which the Emotet payload was delivered via an Excel 4.0 (XLM) macro, an XL4 macro combined with PowerShell, and a Visual Basic for Applications (VBA) macro combined with PowerShell.
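Two of the three delivery chains above start from a macro-bearing Excel workbook, so a defender's first triage question for an attached spreadsheet is simply whether it carries an Excel 4.0 macro sheet or a VBA project at all. The script below is an added example, not code from the VMware report or from The Hacker News: it inspects the OOXML (zip) container of a workbook for the parts that hold XLM macro sheets (`xl/macrosheets/`) and VBA code (`xl/vbaProject.bin`), and flags an `Auto_Open`-style defined name in `xl/workbook.xml`, which is how an XLM macro is set to run when the file opens. The sample workbooks are constructed in memory; legacy binary `.xls` files are not a zip and are reported as such rather than parsed.

```python
import io
import zipfile
from typing import Dict, List

# Parts inside an OOXML workbook that indicate macro content.
# Excel 4.0 (XLM) macro sheets are stored under xl/macrosheets/ in .xlsm files;
# a VBA project is stored as the binary part xl/vbaProject.bin.
XLM_PREFIX = "xl/macrosheets/"
VBA_PART = "xl/vbaProject.bin"
# Defined names that make an XLM macro execute at load time (case-insensitive).
AUTO_NAMES = ("auto_open", "auto_close", "auto_activate")


def macro_indicators(workbook_bytes: bytes) -> Dict[str, object]:
    """Summarise macro-bearing parts of an OOXML workbook.

    Only the zip container is inspected; no macro is parsed or executed.
    Non-zip input (e.g. legacy OLE2 .xls) yields is_ooxml == False.
    """
    result: Dict[str, object] = {
        "is_ooxml": False, "xlm_sheets": [], "has_vba": False, "auto_open_hint": False,
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(workbook_bytes))
    except zipfile.BadZipFile:
        return result
    result["is_ooxml"] = True
    names = zf.namelist()
    xlm: List[str] = sorted(
        n for n in names if n.startswith(XLM_PREFIX) and n.endswith(".xml")
    )
    result["xlm_sheets"] = xlm
    result["has_vba"] = VBA_PART in names
    if "xl/workbook.xml" in names:
        wb = zf.read("xl/workbook.xml").decode("utf-8", errors="replace").lower()
        result["auto_open_hint"] = any(k in wb for k in AUTO_NAMES)
    return result


def verdict(summary: Dict[str, object]) -> str:
    """Collapse the indicator summary into a triage label."""
    if not summary["is_ooxml"]:
        return "not_ooxml"
    if summary["xlm_sheets"] or summary["has_vba"]:
        return "macro_present"
    return "clean"


def build_sample(parts: Dict[str, bytes]) -> bytes:
    """Build a minimal zip container with the given parts (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a macro-free workbook, one carrying an XLM sheet wired to
# Auto_Open, and one carrying a (dummy) VBA project part.
CLEAN = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "xl/workbook.xml": b"<workbook/>",
    "xl/worksheets/sheet1.xml": b"<worksheet/>",
})
XLM = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "xl/workbook.xml": (b'<workbook><definedNames><definedName name="Auto_Open">'
                        b"Macro1!$A$1</definedName></definedNames></workbook>"),
    "xl/macrosheets/sheet1.xml": b"<macrosheet/>",
})
VBA = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "xl/workbook.xml": b"<workbook/>",
    VBA_PART: b"\xd0\xcf\x11\xe0",  # placeholder bytes, not a real VBA project
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("xlm", XLM), ("vba", VBA)):
        print(label, verdict(macro_indicators(blob)), macro_indicators(blob))
```

A hit on `xl/macrosheets/` is a strong signal on its own, since ordinary business workbooks almost never contain Excel 4.0 macro sheets; the `Auto_Open` hint only adds context and should not be treated as required for the file to be suspicious.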

Emotet's re-emergence has also been marked by a change in C2 infrastructure, with the threat actor operating two new botnet clusters dubbed Epochs 4 and 5.

The changes to both the execution chains and the C2 IP addresses aside, Emotet has also been spotted distributing two new plugins: one designed to capture credit card data from the Google Chrome browser, and a spreader module that uses the SMB protocol for lateral movement.


News URL

https://thehackernews.com/2022/10/new-report-uncovers-emotets-delivery.html