An analysis on the Emotet Trojan and Mealybug [2018]

Mealybug, the group behind Emotet, has changed its business model from maintaining the malware itself to distributing it. This cybercrime-as-a-service offering has attracted the interest of other threat actor groups.

Mealybug is a threat actor group that first surfaced in 2014.

Characteristics of the Emotet Trojan

The Emotet Trojan has the functionality to perform brute-force password attacks. These attacks typically generate large numbers of failed logins, which in turn can lead to locked-out accounts. The effect is visible at IT helpdesks, which get flooded with requests from users who have been locked out.
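
The lockout pattern described above can be spotted in authentication logs before the helpdesk tickets arrive. The following is an added detection example, not code from the original article: it runs over constructed, simplified Windows logon events (event 4625 = failed logon, 4740 = account locked out; timestamp, event id, account and source host are assumed fields) and flags any source host that fails logons against many distinct accounts in a short window, which is the signature a brute-force module leaves behind.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp, event id, account, source host.
# A single workstation failing against five accounts in five seconds, then one lockout;
# a second host with two spaced-out failures for one user, which is normal noise.
SAMPLE_LOG = """\
2018-05-02T09:00:01 4625 alice WS-FIN-07
2018-05-02T09:00:02 4625 bob WS-FIN-07
2018-05-02T09:00:03 4625 carol WS-FIN-07
2018-05-02T09:00:04 4625 dave WS-FIN-07
2018-05-02T09:00:05 4625 erin WS-FIN-07
2018-05-02T09:00:06 4740 erin WS-FIN-07
2018-05-02T09:15:00 4625 frank WS-HR-02
2018-05-02T09:30:00 4625 frank WS-HR-02
"""


def parse_events(text):
    """Parse the simplified log format into (timestamp, event_id, account, source) tuples."""
    events = []
    for line in text.splitlines():
        ts, event_id, account, source = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), account, source))
    return events


def find_spray_sources(events, window=timedelta(minutes=5), min_accounts=4):
    """Return {source: accounts} for every source host whose failed logons (4625)
    hit at least `min_accounts` distinct accounts within any `window`-long span.
    Many accounts from one host in a short time is the brute-force signature;
    one user mistyping a password a few times is not."""
    failures = defaultdict(list)
    for ts, event_id, account, source in events:
        if event_id == 4625:
            failures[source].append((ts, account))
    flagged = {}
    for source, attempts in failures.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            accounts = {acct for ts, acct in attempts[i:] if ts - start <= window}
            if len(accounts) >= min_accounts:
                flagged[source] = accounts
                break
    return flagged


def locked_accounts(events):
    """Accounts that actually got locked out (event 4740), i.e. the helpdesk calls to expect."""
    return sorted({account for _, event_id, account, _ in events if event_id == 4740})
```

Lowering `min_accounts` or widening `window` trades false positives for earlier detection; correlating the flagged host with the locked accounts tells the helpdesk which machine to isolate rather than just which users to unlock.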

The second characteristic of the Emotet Trojan is that it uses harvested company information to spread itself: its spam module sends out emails that often contain words like ‘Invoice’ and ‘Urgent’ in order to lure recipients into opening them.