The malware Emotet was detected for the first time in 2014. Back then, it was designed as a banking trojan to steal sensitive information. The malware evolved over time and, through its "loader" functionality, added further malicious activity such as spamming to its arsenal.
A loader is designed to gain access to a system to load additional payloads on the system for malicious activities. Emotet uses command and control servers to receive updates, and it contains several mechanisms to avoid detection.
Emotet continues to be a threat thanks to built-in updating capabilities. The malware's last reemergence was detected in July 2020.
Windows users who want to find out if a Windows PC is infected with Emotet have several options. Antivirus solutions, e.g. Malwarebytes or Windows Defender, detect Emotet and prevent it from attacking the system successfully.
You may also run the open source tool EmoCheck if you just want to find out if a system is infected.
The portable tool scans the system for Emotet characteristics to reveal if it is infected. All it takes is to download the 32-bit or 64-bit version of EmoCheck from the GitHub project site and run it on a Windows system.
The program displays the result of the scan in the interface and saves a text log file on the system as well. You can also run it from the command line with parameters: /quiet runs the program without console output, /json exports the results as a JSON file, and /output path changes the default output directory.
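The /json and /output switches make it practical to collect EmoCheck reports from many machines into one folder and triage them centrally. The following Python script is an added example, not part of EmoCheck or of the original article; the JSON field names it reads (hostname, scan_time, is_infected, emotet_processes, process_name, process_id, image_path) are an assumption about the report layout, and the two sample reports are constructed, not real scan output.

```python
"""Triage EmoCheck JSON reports from one or many hosts.

Added example, not EmoCheck's own code. The field names below are an
ASSUMPTION about the report layout; adjust them if your EmoCheck
version writes different keys.
"""
import json
from pathlib import Path

# Constructed sample reports (not real EmoCheck output).
INFECTED_REPORT = json.dumps({
    "hostname": "WS-EXAMPLE",
    "scan_time": "2020-08-01 10:15:30",
    "is_infected": "yes",
    "emotet_processes": [
        {"process_name": "exampleword.exe",
         "process_id": 4242,
         "image_path": r"C:\Users\Public\exampleword.exe"},
    ],
})
CLEAN_REPORT = json.dumps({
    "hostname": "WS-CLEAN",
    "scan_time": "2020-08-01 10:16:02",
    "is_infected": "no",
    "emotet_processes": [],
})


def parse_report(text):
    """Parse one report into a normalised dict.

    A host is treated as infected when either the is_infected flag is set
    or at least one process is listed; trusting only one of the two
    signals would miss a report where the other field is missing.
    """
    data = json.loads(text)
    flag = str(data.get("is_infected", "no")).strip().lower()
    findings = []
    for proc in data.get("emotet_processes") or []:
        findings.append({
            "name": proc.get("process_name", ""),
            "pid": int(proc.get("process_id") or 0),
            "path": proc.get("image_path", ""),
        })
    return {
        "host": data.get("hostname", "unknown"),
        "scan_time": data.get("scan_time", ""),
        "infected": flag in {"yes", "true", "1"} or bool(findings),
        "findings": findings,
    }


def summarize_reports(items):
    """items: iterable of (label, json_text). Returns (hits, errors):
    hits maps hostname -> parsed report for positive hosts; errors lists
    reports that could not be parsed, so they are surfaced, not skipped."""
    hits, errors = {}, []
    for label, text in items:
        try:
            report = parse_report(text)
        except (ValueError, TypeError) as exc:
            errors.append(f"{label}: {exc}")
            continue
        if report["infected"]:
            hits[report["host"]] = report
    return hits, errors


def summarize_directory(directory):
    """Read every *.json in a directory (e.g. the folder given to /output)."""
    paths = sorted(Path(directory).glob("*.json"))
    return summarize_reports(
        (p.name, p.read_text(encoding="utf-8")) for p in paths)


def next_steps(report):
    """Defender's checklist for one host, following the article's advice."""
    if not report["infected"]:
        return ["No Emotet indicators found; keep antivirus definitions current."]
    steps = [
        "Disconnect the host from the network/Internet.",
        "Clean it with an antivirus solution that detects and removes Emotet.",
        "Review the flagged processes:",
    ]
    steps += [f"  {f['name']} (PID {f['pid']}) at {f['path']}"
              for f in report["findings"]]
    return steps


if __name__ == "__main__":
    hits, errors = summarize_reports(
        [("ws-example.json", INFECTED_REPORT), ("ws-clean.json", CLEAN_REPORT)])
    for host, report in hits.items():
        print(host, report["scan_time"])
        for line in next_steps(report):
            print(" ", line)
    for err in errors:
        print("unreadable report:", err)
```

Point summarize_directory at the folder you collect the per-host reports into; hosts that scanned positive come back keyed by hostname, and any report that fails to parse is listed separately rather than silently dropped.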
The developer explains how EmoCheck detects the Emotet malware on GitHub, and what the different program versions added.
Emotet generates its process name from a specific word dictionary and the C drive serial number. EmoCheck scans the running processes on the host and finds Emotet processes by their process name.

(added in v0.0.2)

Emotet keeps its encoded process name in a specific registry key. EmoCheck looks up and decodes the registry value, and finds it in the process list.

Code Signing with Microsoft Authenticode.

(added in v1.0)

Support for the April 2020 update of Emotet.
EmoCheck offers a quick way to find out if a Windows system is infected by the Emotet malware. You don't need the program if your resident antivirus solution detects all the different iterations of the malware, as the system is protected against it in this case.
If you are not certain if that is the case, you may run EmoCheck to find out if the system is infected or not. First thing to do if the system is infected is to disconnect it from the network/Internet to remove the malware afterwards using an antivirus solution that detects and cleans it.
Now You: Which security software do you use, and why?