Emotet is a Trojan spread through email that contains a malicious attachment or a malicious link. It relies on social engineering: messages use familiar branding to look legitimate and tempting keywords such as “Payment Details” and “Shipping Information” to lure the victim into downloading a malicious Office file and enabling macros.
Emotet uses command-and-control (C&C) servers to receive updated versions of the malware and to upload stolen personal information.
Malspam is the main way that Emotet is distributed. After combing through your contacts list, Emotet sends messages to your friends, family, coworkers, and clients. Because the emails originate from your compromised email account, they appear less spammy, so recipients feel safer and are more likely to click risky links and download malicious files.
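Because these messages arrive from a known sender, a mail filter has to judge the content rather than the sender. The following added example (not code from the original page) triages a raw message on the two traits described above: a lure phrase in the subject and an Office attachment that can carry macros. The function names, the verdict labels and the sample messages are constructed for illustration, and legacy OLE files are assumed to be macro-capable.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure phrases quoted in the text above; a real filter would maintain its own list.
LURE_KEYWORDS = ("payment details", "shipping information")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def has_macros(data: bytes) -> bool:
    """True for an OOXML file carrying a VBA project, or any legacy OLE file."""
    if data.startswith(OLE_MAGIC):
        return True  # assumption: legacy binary formats are treated as macro-capable
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False  # not a ZIP-based Office document

def triage(raw: bytes) -> dict:
    """Score one raw RFC 5322 message on subject lure and macro attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    lures = [k for k in LURE_KEYWORDS if k in subject]
    macro_files = [p.get_filename() or "<unnamed>" for p in msg.iter_attachments()
                   if has_macros(p.get_payload(decode=True) or b"")]
    verdict = ("quarantine" if lures and macro_files
               else "review" if lures or macro_files else "pass")
    return {"lures": lures, "macro_files": macro_files, "verdict": verdict}

def ooxml(with_macro: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm archive (placeholder content only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()

def sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; addresses use reserved example domains."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.org", subject
    m.set_content("Please see the attached document.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()
```

The macro check inspects the file content, so renaming a `.docm` to `.docx` does not change the result.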
Emotet can spread to other connected computers and nearby Wi-Fi networks using its worm-like ability to capture admin passwords. It is an example of polymorphic malware, since it can constantly alter its identifiable properties to avoid detection. It can also adapt to its environment, for instance by going dormant to avoid discovery if it finds itself running in a virtual machine (VM) or sandbox.
Emotet frequently installs TrickBot, a different banking Trojan that targets Windows-based computers. To take advantage of the Windows EternalBlue vulnerability, TrickBot uses the Mimikatz program.
The first step is to educate yourself on what Emotet is and how it works; once you have done that, you are already ahead of the game.