Friday, April 19, 2024

New Wave of Emotet Malware Hacks Wi-Fi Networks to Attack New Victims

By Guru baran

New Wave of Emotet Malware Hacks Wi-Fi Networks to Attack New Victims

A new wave of Emotet malware campaign With New Wi-Fi Spreader takes advantage of the wlanAPI interface to enumerate all Wi-Fi networks in the area and spreads the infection.

The Emotet is a banking Trojan detected in the year 2014, it was designed to steal sensitive and private information.

It is one of the most dangerous malware and it is capable of delivering payloads based on the specific tasks. It’s warm like capability helps to spread rapidly with other connected computers.

Malware Infection

Emotet primarily distributed through social engineering techniques such as the emails with the links to download the malware.

With the new Emotet campaign it arrives with a new Wi-Fi Spreader module downloads to the system C:\ProgramData. The downloaded binary contains a self-extracting RAR that has two (service.exe and worm.exe) binaries to spread the infection through WiFi.

Emotet wifi
Worm file Download

The worm.exe is the executable used for spreading the malware, once it executed it copies the service.exe to a variable for using it while spreading.

Then it calls wlanAPI.dll class that used by Native Wi-Fi to manage the wireless network profiles and connections for spreading the infection to other networks.

Emotet wifi
Emotet Wifi Distribution

“The Worm enumerates all Wi-Fi devices currently enabled on the local computer, which it returns in a series of structures. These structures contain all the information relating to the Wi-Fi device, including the device’s GUID and description,” read the Binary Defense analysis.

It gathers possible information from every available Wi-Fi network present in the list of networks.

Breaking Weak Wi-Fi Network

Once the connection established with the Wi-Fi network it enumerates users and attempts brute-force for all users on the network.

Next, the Service.exe is the payload installed by worm.exe on the machine, once installed it communicates with the C2 server and executes the binary embedded in service.exe.

Previously Emotet known to distributed only through malspam and infected networks, with this new loader it spreads through nearby wireless networks that use weak passwords.

IOCs

9.file            865cf5724137fa74bd34dd1928459110385af65ffa63b3734e18d09065c0fb36

Worm.exe    077eadce8fa6fc925b3f9bdab5940c14c20d9ce50d8a2f0be08f3071ea493de8     

Service.exe    64909f9f44b02b6a4620cdb177373abb229624f34f402335ecdb4d7c8b58520b

Managed WAF Protection

Website

Latest articles

cyber security

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing...
Uncategorized

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...
Vulnerability

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...
Cyber Attack

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...
Cyber Attack

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...
Android

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...
cyber security

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]