Emotet exposed: looking inside highly destructive malware

Cited by: 13
Authors
SophosLabs Research Team
Institution
Source
Network Security | 2019 / Vol. 2019 / Issue 06
Keywords
Emergency services;
DOI
10.1016/S1353-4858(19)30071-6
CLC number
Subject classification code
Abstract
As malware, Emotet is so prolific and dominant that the US Cyber Emergency Response Team (US-CERT), the body tasked with tracking cyberthreats to the country, described Emotet in July 2018 as “among the most costly and destructive malware” to affect governments, enterprises and organisations large and small, as well as individual computer users [1]. The best way to combat a threat is to understand it. So in this article, the SophosLabs Research Team picks the malware apart to see how it functions. They examine the infection vectors and delivery mechanisms, how the malware tries to hide and how Emotet uses the Windows system itself to persist and carry out its malicious work. © 2019 Elsevier Ltd
Pages: 6 / 11
Page count: 5
Related papers
3 in total
[1] ‘Alert (TA18-201A): Emotet Malware’. US-CERT, (2018)
[2] ‘Windows Password Recovery Tools’. Nirsoft
[3] Cimpanu C., ‘BitPaymer ransomware infection forces Alaskan town to use typewriters for a week’. Bleeping Computer, (2018)