Emotet - Evolution of Malware

Introduction

The World Wide Web laid the foundation for many conveniences that we now take for granted and that a large part of the population could no longer do without: e-mail, online banking, WLAN, streaming services, working from home. But it is also the foundation for the rapidly growing development and spread of malware.

Hundreds of thousands of new malware signatures are registered every day, both for completely new families and for mutations of already known ones. Few of them earn a catchy name, and those that do usually owe it to the damage they inflicted.

Emotet started out as a fairly standard banking trojan in 2014 and did little differently from many other trojans. It lodged itself in the host system via phishing e-mails, either as an infected link or as a malicious attachment, and waited for an opportunity to access banking data. That was its modus operandi until about 2016.


The development of Emotet

In 2017, Emotet appeared in a new form. The distribution channel had remained more or less the same, but Emotet now operated primarily as a "dropper". Droppers are used to load further malware onto an already compromised system, much like cargo ships carrying freight.

Emotet's developers had equipped it with additional modules and capabilities and now "rented" it out to other criminals for their own malware and targets (e.g. ransomware, keyloggers, bots, cryptominers, etc.).


Emotet was the basis of around 60% of all phishing attacks in 2019 and had evolved from a simple banking trojan into a "weapons platform" for cybercriminals.

Among Emotet's new capabilities were, among other things, independent propagation within the network through an EternalBlue exploit module, and brute-forcing of user accounts in Active Directory in order to nest in other computers or to spread further via e-mail.

How does Emotet trick antivirus solutions?

Emotet's greatest skill, however, is its use of polymorphism to evade popular signature-based antivirus solutions. Emotet is able to change its own code in such a way that it retains its functions while looking different enough that a signature no longer recognizes it.

It is like the police chasing a shapeshifter with mug shots. There are also modules that try to detect active scans or virtual environments and switch Emotet to an inactive state for the duration of the analysis.

A new wave of distribution?

Emotet has undergone a remarkable development from 2014 to today and can be described as a showcase example, perhaps even as the avant-garde, of future malware.

The most prominent example of this is probably the ThiefQuest malware, which has been developed further with a similar amount of effort since it became known in June 2020. And Emotet has not yet reached its end: it started a new wave of distribution at the beginning of July 2020.
