Analysis of the New Modules that Emotet Spreads

March 11, 2019
Just a few days ago, FortiGuard Labs published a research blog about a fresh variant of Emotet. When I wrote that blog, I had not yet detected any further malicious actions from its C&C server. However, I have continued to monitor its connections, and I finally received three new modules from its C&C server. I have now analyzed all of them, and in this post I will show you how they work on a victim's system. The C&C server replies with a response packet when an infected system sends it information about the victim's machine and its list of running processes. As expected, the response data is encrypted. After decrypting it twice, we eventually uncovered three modules. To classify them, I simply name them in this analysis Module1, Module2, and Module3. Figure 1 shows the data snippet of the three modules after decryption.

Spotlight

LinuxWorld Informatics Pvt Ltd

LinuxWorld, short for LW, is a technology and training solutions company based in Jaipur, India. For around a decade now, the company has successfully built a niche of its own by offering an integrated portfolio of high end Linux, Open Source & Security trainings and support services.

OTHER ARTICLES

Why enterprises are going all-in on hyperscale

Article | February 10, 2020

Cloud computing continues to dominate the technology space, with cloud migration yielding a rain of opportunities and benefits. To date, achieving massive scale in computing power and data storage is a priority for organizations looking to mature in digital transformation. Hyperscale infrastructure is designed exclusively for that purpose, and it offers increasingly relevant features such as high levels of performance, high fault tolerance, and redundancy. A recent report showed enterprises are leaning towards hyperscalers for cloud services as compared to second-tier providers.

Infrastructure as code vs. platform as code

Article | April 15, 2020

With infrastructure as code (IaC), you write declarative instructions about the compute, storage and network requirements for the infrastructure and execute them. How does this compare to platform as code (PaC), and what did these two concepts develop in response to? In its simplest form, the tech stack of any application has three layers — the infra layer containing bare metal instances, virtual machines, networking, firewall, security etc.; the platform layer with the OS, runtime environment, development tools etc.; and the application layer which, of course, contains your application code and data. A typical operations team works on the provisioning, monitoring and management of the infra and platform layers, in addition to enabling the deployment of code.

As Edge Applications Multiply, OpenInfra Community Delivers StarlingX 5.0, Offering Cloud Infrastructure Stack for 5G, IoT

Article | June 2, 2021

StarlingX—the open source edge computing and IoT cloud platform optimized for low-latency and high-performance applications—is available in its 5.0 release today. StarlingX combines Ceph, OpenStack, Kubernetes and more to create a full-featured cloud software stack that provides everything carriers and enterprises need to deploy an edge cloud on a few servers or hundreds of them.


Graph machine learning in distributed systems: What you need to know

Article | March 16, 2020

Just as graphs make it easier for us to understand and act on complex data, graph machine learning can take graph theory a giant step further. But can it even help today's service providers to improve reliability and predict anomalous behaviors in complicated distributed systems? Find out below. How much do you know about graph representation of data? Over the last two decades, graph theory has become increasingly popular in both research and industry. Among other areas, it has been used in epidemiology, medicine, genetics, healthcare, banking and engineering to solve challenges such as routing, finding relations, paths, etc.
