ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
MDB Signature For Emotet Banking Trojan
GuitarBob


Joined: 09 Jul 2006
Posts: 4569
Location: USA
Reply with quote
The Emotet banking trojan may be one of the worst pieces of malware around just now. It has recently been updated to do much more than steal banking credentials/information. Command and control is now in the USA. The current version has been updated to hide in an XML file within a Microsoft Word Document file in order to evade anti-malware. Below is an MDB signature for one of the two payloads. Clam Av has a signature for the other payload.

Copy the signature to a Notepad file and save it in the ClamWin db program data folder. When you save the file, do not save it with a .txt or .text on the end. Just save it as Sigfile.mdb (select type All Files to prevent the .txt or .text at the end of the filename), otherwise ClamWin will not recognize it as a signature. The MDB signatures are for important parts of a malware and will last until the next version of the malware comes out--usually in a couple of weeks, but some malware authors reuse the same part again, so this signature might last for a month or so.

122880:092aae4d09a26caed59423e9ecf1c0f8:Win.Trojan.Emotet-021419.1929

Regards,
View user's profileSend private message
MDB Signature For Emotet Banking Trojan
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic