Check whether your PC is infected with the Emotet malware
Quote:
[Image: emotcheck-emotet-scan.png]

The malware Emotet was detected for the first time in 2014. Back then, it was designed as a banking trojan to steal sensitive information. The malware evolved over time and added more malicious activity such as spamming to its arsenal through "loading" functionality.

A loader is designed to gain access to a system to load additional payloads on the system for malicious activities. Emotet uses command and control servers to receive updates, and it contains several mechanisms to avoid detection.

Emotet continues to be a threat thanks to built-in updating capabilities. The malware's last reemergence was detected in July 2020.

Windows users who want to find out if a Windows PC is infected with Emotet have several options. Antivirus solutions, e.g. Malwarebytes or Windows Defender, detect Emotet and prevent it from attacking the system successfully.

You may also run the open source tool EmoCheck if you just want to find out if a system is infected.

The portable tool scans the system for Emotet characteristics to reveal if it is infected. All it takes is to download the 32-bit or 64-bit version of EmoCheck from the GitHub project site and run it on a Windows system.

The program displays the result of the scan in the interface and saves a text log file on the system as well. You can also run it from the command line using parameters such as /quiet, /json, or /output path, to run the program without console output, export the data as a JSON file, or change the default output directory.

The developer explains how EmoCheck detects the Emotet malware on GitHub, and what the different program versions added.
Quote: (v0.0.1)
Emotet generates its process name from a specific word dictionary and the C drive serial number. EmoCheck scans the running processes on the host and finds the Emotet process by its process name.

(added in v0.0.2)
Emotet keeps its encoded process name in a specific registry key. EmoCheck looks up and decodes the registry value, and finds it in the process list. Code signing with Microsoft Authenticode.

(added in v1.0)
Support for the April 2020 update of Emotet.
Obfuscated code.

Closing Words

EmoCheck offers a quick way to find out if a Windows system is infected by the Emotet malware. You don't need the program if your resident antivirus solution detects all the different iterations of the malware, as the system is protected against it in this case.

If you are not certain whether that is the case, you may run EmoCheck to find out if the system is infected or not. The first thing to do if the system is infected is to disconnect it from the network/Internet, and then remove the malware using an antivirus solution that detects and cleans it.

Now You: Which security software do you use, and why?
...
The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
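The detection approach the developer describes in the quoted changelog (a process name derived from a word dictionary plus the C drive serial number, and an encoded copy of that name kept in a registry value), shown as an added Python illustration that is not EmoCheck's code. The word list, the seed-to-name derivation, the XOR encoding of the registry value and the sample serial are all constructed assumptions; EmoCheck's real dictionary, derivation and registry location are in its source on GitHub.

```python
import json

# Constructed word list for illustration only; EmoCheck's real dictionary is in its source tree.
WORDS = ["duck", "mfidl", "targets", "ptr", "khmer", "purge", "metrics", "acc"]


def candidate_name(serial, words=WORDS):
    """Assumed derivation: the volume serial seeds two picks from the word list."""
    n = len(words)
    return words[serial % n] + words[(serial // n) % n]


def xor_with_serial(data, serial):
    """Assumed encoding: XOR with the little-endian bytes of the serial (symmetric)."""
    key = serial.to_bytes(4, "little")
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))


def _base_name(process_name):
    """Lower-case the name and drop a trailing .exe so it can be compared to a bare name."""
    name = process_name.lower()
    return name[:-4] if name.endswith(".exe") else name


def scan(process_names, serial, registry_blob=None):
    """Report which running process names match the derived or registry-decoded name."""
    derived = candidate_name(serial)
    expected = {derived}
    registry_name = None
    if registry_blob is not None:
        # Decode the stored name and treat it as a second indicator, as v0.0.2 describes.
        registry_name = xor_with_serial(registry_blob, serial).decode("ascii", "replace")
        expected.add(registry_name)
    hits = sorted(p for p in process_names if _base_name(p) in expected)
    return {"serial": f"{serial:08X}", "derived_name": derived,
            "registry_name": registry_name, "hits": hits, "infected": bool(hits)}


# Constructed sample input: a fake volume serial, a process list containing one
# Emotet-style name, and a registry value encoded the way xor_with_serial assumes.
SAMPLE_SERIAL = 0x1A2B3C4D
SAMPLE_PROCESSES = ["explorer.exe", "svchost.exe", "purgemfidl.exe", "EmoCheck.exe"]
SAMPLE_REGISTRY = xor_with_serial(b"purgemfidl", SAMPLE_SERIAL)

if __name__ == "__main__":
    # Mirrors the tool's /json option: emit the report as JSON instead of console text.
    print(json.dumps(scan(SAMPLE_PROCESSES, SAMPLE_SERIAL, SAMPLE_REGISTRY), indent=2))
```

On a real host the process list would come from the running system and the serial from the C: volume; here both are constructed so the script runs offline.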