Emotet s authors have upgraded the malware’s Wi-Fi spreader by making it a fully-fledged module and adding new functionality as shown by samples recently spotted in the wild. The malware’s authors have also tweaked the service-and-control (C&C) server to download the loader from the C&C server and save it on the compromised computer as firefox.exe, thus making sure that the latest loader version is being deployed. The new module is now capable of brute-forcing ADMIN$ shares on targeted networks when it fails brute-force a device’s C$ share.
Source: https://www.bleepingcomputer.com/news/security/emotet-actively-using-upgraded-wifi-spreader-to-infect-victims/