Emotet steals sensitive information and has the capability to download and install other malware and modules onto the system.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Upon execution, Emotet will attempt to create a copy of itself and then delete the main executable.
It then spawns a child process of itself; the child creates a service and uses the Windows API CreateTimerQueueTimer to start a recurring thread that connects to a malicious command-and-control (C&C) server.
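The dropper chain described above (write a copy of itself, delete the original executable, spawn a child from the copy, and have that child register a service) can be correlated in endpoint telemetry. The following is an added detection example, not code from F-Secure or from the sample analysed here; the JSON-lines event shape and the sample events are constructed for illustration and are not real logs.

```python
import json
from collections import defaultdict

# Constructed Sysmon-like events (hypothetical shape, not real telemetry).
# pids 100/101 follow the Emotet-style chain; pids 200/201 are a benign installer
# that spawns what it wrote but never deletes its own executable.
SAMPLE_LOG = r"""
{"event": "process_create", "pid": 100, "ppid": 1, "image": "C:\\Users\\u\\Downloads\\invoice.exe"}
{"event": "file_create", "pid": 100, "path": "C:\\Users\\u\\AppData\\Local\\wsoftd\\wsoftd.exe"}
{"event": "file_delete", "pid": 100, "path": "C:\\Users\\u\\Downloads\\invoice.exe"}
{"event": "process_create", "pid": 101, "ppid": 100, "image": "C:\\Users\\u\\AppData\\Local\\wsoftd\\wsoftd.exe"}
{"event": "service_create", "pid": 101, "name": "wsoftd"}
{"event": "process_create", "pid": 200, "ppid": 1, "image": "C:\\Temp\\setup.exe"}
{"event": "file_create", "pid": 200, "path": "C:\\Program Files\\App\\app.exe"}
{"event": "process_create", "pid": 201, "ppid": 200, "image": "C:\\Program Files\\App\\app.exe"}
{"event": "service_create", "pid": 201, "name": "AppSvc"}
"""


def detect_dropper_chain(lines):
    """Return (parent_pid, child_pid, service_name) for every process that
    registered a service while running from a file its parent wrote, where
    that parent also deleted its own image (self-copy + self-delete + service)."""
    image, parent = {}, {}                 # pid -> image path / parent pid
    created = defaultdict(set)             # pid -> paths it created
    deleted = defaultdict(set)             # pid -> paths it deleted
    services = defaultdict(list)           # pid -> service names it registered
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        kind, pid = ev["event"], ev["pid"]
        if kind == "process_create":
            image[pid] = ev["image"].lower()
            parent[pid] = ev["ppid"]
        elif kind == "file_create":
            created[pid].add(ev["path"].lower())
        elif kind == "file_delete":
            deleted[pid].add(ev["path"].lower())
        elif kind == "service_create":     # e.g. a new key under ...\Services
            services[pid].append(ev["name"])
    hits = []
    for pid, names in services.items():
        ppid = parent.get(pid)
        if ppid is None:
            continue
        child_from_copy = image.get(pid) in created[ppid]
        parent_self_deleted = image.get(ppid) in deleted[ppid]
        if child_from_copy and parent_self_deleted:
            hits.extend((ppid, pid, name) for name in names)
    return hits


if __name__ == "__main__":
    print(detect_dropper_chain(SAMPLE_LOG.splitlines()))
```

Matching on the full chain rather than on service creation alone keeps the benign installer (pids 200/201) out of the results.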
Emotet is typically encountered when the user inadvertently opens a malicious file attachment that arrives via a spam email message.
It adds the following registry key to create a service:
It encrypts the following data using an RSA public key, which is present inside the file, then sends the encrypted data to the C&C server:
It connects to the following servers:
The following functionality may also be carried out if the C&C server responds:
Analysis on file: 7e5e1f837189e5127aa86e0a834fe8f1e55c57c7
Analysis by: Neeraj Singh