24 November 2017
Emotet Banking Trojan Variant Avoids Sandbox and Analysis
Threat actors have been observed distributing a new variant of the banking trojan ‘Emotet’ that contains changes in its usual behaviour and new routines that allow it to evade sandbox and malware analysis.
What’s Changed in the New Emotet Variant?
The re-emerged Emotet banking trojan includes an anti-analysis technique that helps threat actors avoid detection by checking when an analysis platform scans for malicious activity. Emotet uses the Windows API CreateTimerQueueTimer to run this check every 0x3E8 milliseconds.
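A defender-side triage check for the behaviour described above, added here as an example and not taken from the original article or any vendor tool: it scans sandbox API-trace lines for CreateTimerQueueTimer calls whose repeat period is 0x3E8 ms. The trace line format and all sample values are constructed assumptions; only the API name, its DueTime and Period parameters, and the 0x3E8 interval come from the article or the Windows API.

```python
import re

# Constructed sample of sandbox API-trace lines (the format is an assumption).
SAMPLE_TRACE = """\
pid=2140 api=Sleep ms=200
pid=2140 api=CreateTimerQueueTimer Callback=0x00401A30 DueTime=0x3E8 Period=0x3E8 Flags=0x0
pid=3312 api=CreateTimerQueueTimer Callback=0x7FF61000 DueTime=5000 Period=0 Flags=0x8
pid=3312 api=Sleep ms=1000
pid=4020 api=CreateTimerQueueTimer Callback=0x00402000 DueTime=0 Period=1000 Flags=0x0
pid=4020 api=CreateTimerQueueTimer Callback=0x00402000 DueTime=0 Period=250 Flags=0x0
""".splitlines()

FIELD = re.compile(r"(\w+)=(\S+)")
NUMERIC = ("pid", "Callback", "DueTime", "Period", "Flags")
PAGE_PERIOD_MS = 0x3E8  # interval reported in the article


def parse_line(line):
    """Turn 'key=value key=value' into a dict; numbers may be hex or decimal."""
    rec = dict(FIELD.findall(line))
    for key in NUMERIC:
        if key in rec:
            try:
                rec[key] = int(rec[key], 0)  # base 0 accepts 0x3E8 and 1000
            except ValueError:
                rec[key] = None  # malformed value: keep the record, never match
    return rec


def find_periodic_timers(lines, period_ms=PAGE_PERIOD_MS):
    """Return (pid, callback, due_time) for each repeating timer with the given period.

    Period == 0 means a one-shot timer, so it is never reported. Periodic
    timers are common in benign software: treat hits as a triage signal to
    correlate with other indicators, not as a verdict.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("api") != "CreateTimerQueueTimer":
            continue
        if period_ms and rec.get("Period") == period_ms:
            hits.append((rec.get("pid"), rec.get("Callback"), rec.get("DueTime")))
    return hits


if __name__ == "__main__":
    for pid, callback, due in find_periodic_timers(SAMPLE_TRACE):
        print(f"pid {pid}: repeating timer, callback {callback:#x}, first fire {due} ms")
```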
Not only does Emotet include anti-analysis