Win32/TrojanProxy.Emotet [Threat Name]
Win32/TrojanProxy.Emotet.A [Threat Variant Name]
Category | trojan
Size | 214028 B
Aliases | Trojan:Win32/Emotet.AD!ibt (Microsoft); Trojan.Emotet.907 (Dr.Web)
Short description
The trojan serves as a proxy server. The trojan can modify network traffic.
Installation
The trojan does not create any copies of itself.
The trojan executes the following commands:
- netsh.exe advfirewall firewall delete rule name="Remote Assistance (%number%)"
- netsh advfirewall firewall add rule name="Remote Assistance (%number%)" dir=in action=allow program="%malwarefilepath%" enable=yes
The variable %number% represents a number in the range 0 - 65535.
The first command deletes any existing rule with that name; the second adds an inbound (dir=in) allow rule for the trojan's own executable (%malwarefilepath%), so the Windows Firewall accepts incoming connections to it, which the proxy functionality requires. The rule name imitates the built-in Windows Remote Assistance rules, whereas those use descriptive names rather than a bare number and reference Windows' own binaries under %SystemRoot%\System32.
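A practitioner's check for the firewall artefact described above, added here as an example and not part of the ESET write-up: the first function enumerates inbound allow rules whose display name matches the "Remote Assistance (<number>)" pattern and flags any whose program is not the Remote Assistance binary; the second searches Security event 4688 for the netsh command line that created such a rule. Assumptions (not from the page): the script runs elevated on a host with the NetSecurity module (Windows 8 / Server 2012 or later), the legitimate Remote Assistance binary is %SystemRoot%\System32\msra.exe, command-line auditing is enabled for 4688 events, and the function names are my own.

```powershell
# Added example, not from the ESET write-up. Assumes an elevated session with the
# NetSecurity module, and that legitimate Remote Assistance rules point at msra.exe.

function Find-SuspiciousRemoteAssistanceRule {
    # The sample names its rule "Remote Assistance (<number>)" with a bare 0-65535 number.
    # Windows' own Remote Assistance rules use descriptive suffixes such as
    # "(RA Server TCP-In)", so a purely numeric suffix is the first signal.
    $namePattern = '^Remote Assistance \(\d{1,5}\)$'

    Get-NetFirewallRule -Direction Inbound -Action Allow -ErrorAction Stop |
        Where-Object { $_.DisplayName -match $namePattern } |
        ForEach-Object {
            $rule = $_
            # The program= argument of netsh ends up in the rule's application filter.
            $app     = $rule | Get-NetFirewallApplicationFilter
            $program = $app.Program

            # Second signal: the allowed program is not the Remote Assistance binary
            # (assumed to be %SystemRoot%\System32\msra.exe).
            $isMsra = $program -and ($program -like '*\msra.exe')

            [pscustomobject]@{
                Name       = $rule.DisplayName
                Enabled    = $rule.Enabled
                Profile    = $rule.Profile
                Program    = $program
                Suspicious = -not $isMsra
            }
        }
}

function Find-NetshFirewallAddEvent {
    # Process-creation events (Security 4688) carry the netsh command line only when
    # "Include command line in process creation events" is enabled; this is assumed.
    # Sysmon Event ID 1 (Microsoft-Windows-Sysmon/Operational) is an alternative source.
    param([int]$Days = 7)

    $since = (Get-Date).AddDays(-$Days)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Message -match 'netsh(\.exe)?\s+advfirewall\s+firewall\s+add\s+rule' -and
            $_.Message -match 'name="Remote Assistance \(\d{1,5}\)"' -and
            $_.Message -match 'dir=in' -and
            $_.Message -match 'action=allow'
        } |
        Select-Object TimeCreated, Id,
            @{ n = 'CommandLine'; e = { ($_.Message -split "`n" | Where-Object { $_ -match 'Process Command Line' }) -join ' ' } }
}

# Usage: list suspicious rules, then look back 30 days for the netsh invocation.
$hits = Find-SuspiciousRemoteAssistanceRule | Where-Object Suspicious
$hits | Format-Table -AutoSize
# After confirming the Program path is the malicious binary, remove the exception:
# $hits | ForEach-Object { Remove-NetFirewallRule -DisplayName $_.Name }
Find-NetshFirewallAddEvent -Days 30 | Format-Table -AutoSize
```

Removal is left commented out on purpose: confirm the Program path against the file on disk first, because a rule with a numeric name that points at msra.exe would be a false positive, not an infection.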
Information stealing
Win32/TrojanProxy.Emotet.A is a trojan that steals sensitive information.
The trojan collects the following information:
- network parameters
The trojan can send gathered information to a remote machine.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of 5 URLs. Network communication with the remote computer/server is encrypted.
The trojan serves as a proxy server.
The trojan can modify network traffic. The TCP and HTTP protocols are used in the communication.