Q&A How well are you protected against Emotet?

McMcbrad

Level 20
Oct 16, 2020
967
@McMcbrad
Could I get a sample? I would like to test it against Dr.Web.
Hi, please make sure you install the Oracle Java platform, as today I will be exploiting that. I want to make it a bit more difficult for security solutions.
There is a high probability of failure, so please only test the sample in a virtual environment. The malware that will be downloaded doesn't detect virtual machines and steals credentials stored in browsers.

Once you've downloaded that, please let me know. I'll generate a fresh sample.

Due to the quick reaction times I've observed from Microsoft Defender and Avast/AVG, I recommend that all samples are tested within a few hours after being generated. Keeping them around for too long might produce unrealistic results.

Nordman

Level 1
Jun 3, 2020
17
Oh, Hi There.bat

[five screenshots attached]

@McMcbrad, thanks very much for providing the samples.

McMcbrad

Level 20
Oct 16, 2020
967
After talking to the Avast team about the whole attack scenario, this is what happens now.

Static scan detects nothing.
[screenshot attached]

Upon execution, the chain is being held. Shortly after, the behavioural blocker kicks in with 2 detections and terminates the process even before CMD could invoke PowerShell. Before, it was stopping them with the Web Blocker.

[screenshot attached]