Emotet banking trojan possibly being prepped for a new attack


Security researchers are seeing signs that the Emotet banking trojan is about to awaken from its latest hiatus by deploying newly improved credential and email stealing modules.

Emotet last came to life in January 2020, but analysts with the Herjavec Group believe the new modules are being placed as a first step toward the launch of a new phishing campaign. If and when this is released, targets will find themselves battling its anti-malware evasion and a hashbusting implementation, which make it more dangerous than previous versions. Hashbusting ensures that the malware will have a different hash on each system it infects, rendering hash-based detections useless.

The technical changes include reworked malware code that uses a state machine to obfuscate the control flow, with branches of code flattened into nested loops. This lets the code blocks sit in any order while the state machine still executes them in the correct sequence.
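Added example, not part of the original post or the cited research: a defender-side sketch of why an exact-hash blocklist misses a hashbusted copy while a byte n-gram similarity check against an already analysed copy still flags it. The sample bytes are constructed, and modelling the per-host difference as a small differing region is an assumption, since the post does not say how the hashbusting is implemented.

```python
import hashlib


def constructed(label: bytes, n: int) -> bytes:
    """Deterministic filler bytes for the demo (constructed, not a real sample)."""
    return hashlib.shake_256(label).digest(n)


# Assumption: every copy shares one body and differs only in a small per-host region.
BODY = constructed(b"shared-body", 4096)
COPY_HOST_A = BODY + constructed(b"host-a", 64)  # copy that was already analysed
COPY_HOST_B = BODY + constructed(b"host-b", 64)  # copy found on another host
UNRELATED = constructed(b"unrelated-file", 4160)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Exact-hash indicator list built from the one analysed copy.
HASH_BLOCKLIST = {sha256_hex(COPY_HOST_A)}


def hash_match(sample: bytes) -> bool:
    """Classic hash-based detection: exact SHA-256 lookup."""
    return sha256_hex(sample) in HASH_BLOCKLIST


def ngrams(data: bytes, n: int = 4) -> set:
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity over byte n-grams, between 0.0 and 1.0."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)


def similar_to_known(sample: bytes, threshold: float = 0.8) -> bool:
    """Flag samples that share most of their content with the analysed copy."""
    return similarity(sample, COPY_HOST_A) >= threshold


if __name__ == "__main__":
    for name, s in [("host A", COPY_HOST_A), ("host B", COPY_HOST_B), ("unrelated", UNRELATED)]:
        print(f"{name:10} hash_match={hash_match(s)!s:5} similarity={similarity(s, COPY_HOST_A):.3f}")
```

Packing or the control-flow obfuscation described in the post would change far more bytes than this model assumes, so similarity hashing (ssdeep, TLSH) is normally paired with behavioural detections rather than used alone.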