Windows 10: Emotet: Variants...Has anyone dealt with any strange stuff?

fdhardi · Feb 10, 2021

Hey guys, I am new here, I have joined a couple forums over the last few days, trying to get some information.
I just cleaned out a crazy persistent emotet infection, and I am having some trouble figuring out a baseline now. I need to know if you guys have named pipes set to allow anonymous shares configured by svchost with scTbePrivelege normally, ideally immediately following clean install. The information can be found in event viewer under Application and service logs/microsoft/windows/smb server and also SMB client path. That was the ingress point and after cleaning the infection with nuke and pave the pipes are set back to that same setting with activity from untrackable processes. So I bought a new laptop just to check it out, and strangely, there was one entry in event logs from last year, where a pipe was set to allow anonymous users and then configured as a netBT endpoint. Terminal server logs show the pipe used in + out once . To me, this is very odd. Can anyone enlighten me? Win10 19042, also saw behavior on 20h

:)

Brink · Feb 10, 2021

Mitigating and eliminating Qakbot and Emotet in corporate networks

The threat to information is greater than ever, with data breaches, phishing attacks, and other forms of information theft like point-of-sale malware and ATM hacks becoming all too common in today's threat landscape. Information-stealing trojans are in the same category of threats that deliver a steady stream of risk to data and can lead to significant financial loss.

Qakbot and Emotet are information stealers that have been showing renewed activity in recent months. These malware families are technically different, but they share many similarities in behavior. They both have the ultimate goal of stealing online banking credentials that malware operators can then use to steal money from online banking accounts. They can also steal other sensitive information using techniques like keylogging.

Figure 1. Qakbot and Emotet monthly machine encounters show an upward trend. This data doesn’t include Qakbot and Emotet variants blocked by automation and cloud rules.

Even though these malware families are typically known to target individual online banking users, more and more enterprises, small and medium businesses, and other organizations have been affected by indiscriminate infections.

Figure 2. Breakdown of Qakbot and Emotet machine encounters

Recent variants of these malware families have spreading capabilities, which can increase the chances of multiple infections in corporate networks. They can also be spread by other malware during the lateral movement stage of a cyberattack.

Typical Qakbot and Emotet kill chain

Over the years, the cybercriminals behind Qakbot and Emotet have improved the code behind their malware. They have evolved to evade detection, stay under the radar longer, and increase the chances of spreading to other potential victims.
We mapped some of the common behaviors we’ve seen in Qakbot and Emotet variants and see a lot of similarities.

Figure 3. Qakbot and Emotet attack kill chain. Note that some Qakbot and Emotet variants might not exhibit all of the behaviors above and might be capable of unique routines.

Because of similarities in behavior, Qakbot and Emotet can be mitigated by similar security measures.
Click to expand...

Read more: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks Windows Security blog

Autumn20 · Feb 10, 2021

Shortcut key for "My Stuff" ?

Using Windows 10, here's the steps I'm taking to search for files on the computer:

Click Start Menu (or tap the Windows key on the keyboard)

Start typing a search term

Click "My Stuff"

When it finds your file, click it to make the file open

If you want to open File Explorer and peruse similar files without opening files:

After clicking "My Stuff" (in Step 3) go to the bottom area under "Other places to look" and click "File Explorer"

File Explorer opens

Question: I don't want to use the mouse to click "My Stuff" in step 3. Is there a shortcut key?

Autumn20 · Feb 10, 2021

Shortcut key for "My Stuff" ?

Using Windows 10, here's the steps I'm taking to search for files on the computer:

Click Start Menu (or tap the Windows key on the keyboard)

Start typing a search term

Click "My Stuff"

When it finds your file, click it to make the file open

If you want to open File Explorer and peruse similar files without opening files:

After clicking "My Stuff" (in Step 3) go to the bottom area under "Other places to look" and click "File Explorer"

File Explorer opens

Question: I don't want to use the mouse to click "My Stuff" in step 3. Is there a shortcut key?

Windows 10: Emotet: Variants...Has anyone dealt with any strange stuff?

Emotet: Variants...Has anyone dealt with any strange stuff?

Emotet: Variants...Has anyone dealt with any strange stuff?

Emotet: Variants...Has anyone dealt with any strange stuff?

Emotet: Variants...Has anyone dealt with any strange stuff? - Similar Threads - Emotet Variants Has

Has Trojan Emotet threat been removed or restored?

Has Trojan Emotet threat been removed or restored?

Has Trojan Emotet threat been removed or restored?

Fresh install 3rd install offline.. Anyone get strange stuff?

Has anyone had trouble signing the legal stuff when creating a child account?

Anyone have any idea why this has happened.

Strange initial screen - has anyone seen this before?

Strange Webpage Stuff

has anyone found any use for cortana ?