First posted on 09 November 2017.
There are no other names known for PWS:Win32/Emotet.E.
This threat is installed by Trojan:Win32/Emotet.C.
It creates the following file on your PC:
- %APPDATA%\mailpv.exe (detected as HackTool:Win32/Mailpassview)
HackTool:Win32/Mailpassview is deleted once your email account information has been stolen.
Steals your email account user names and passwords
This malware installs HackTool:Win32/Mailpassview onto your PC. This hacktool is run in a hidden window and collects your email credentials before being deleted by the malware.
The malware then connects to one of the following remote servers to send the stolen information:
The stolen email credentials are then used for sending spam emails that spread malware in the Win32/Emotet family.
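The create, run, delete sequence described above can be hunted for in endpoint telemetry. The following is an added example, not part of the original analysis: the event schema (time, type, path), the sample events and the 10-minute window are constructed assumptions, and the check generalizes from mailpv.exe to any executable dropped directly into %APPDATA%.

```python
import re
from datetime import datetime, timedelta

# Executable written directly into %APPDATA% (C:\Users\<name>\AppData\Roaming).
APPDATA_EXE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\[^\\]+\.exe$")
KNOWN_NAME = "mailpv.exe"  # file name given on this page

def find_drop_run_delete(events, window=timedelta(minutes=10)):
    """Return files that were created, executed, then deleted within `window`."""
    state = {}      # normalised path -> creation time and whether it ran
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        path = ev["path"].lower()          # Windows paths are case-insensitive
        if not APPDATA_EXE.match(path):
            continue
        if ev["type"] == "file_create":
            state[path] = {"created": ev["time"], "ran": False}
        elif ev["type"] == "process_create" and path in state:
            state[path]["ran"] = True
        elif ev["type"] == "file_delete" and path in state:
            s = state.pop(path)
            lifetime = ev["time"] - s["created"]
            if s["ran"] and lifetime <= window:
                findings.append({
                    "path": ev["path"],
                    "lifetime_s": int(lifetime.total_seconds()),
                    "known_name": path.endswith("\\" + KNOWN_NAME),
                })
    return findings

def _t(hms):  # timestamp helper for the constructed sample
    return datetime.strptime("2017-11-09 " + hms, "%Y-%m-%d %H:%M:%S")

# Constructed sample events (hypothetical schema, not real telemetry).
BASE = r"C:\Users\alice\AppData\Roaming"
SAMPLE = [
    {"time": _t("10:00:01"), "type": "file_create",    "path": BASE + r"\mailpv.exe"},
    {"time": _t("10:00:02"), "type": "process_create", "path": BASE + r"\mailpv.exe"},
    {"time": _t("10:00:09"), "type": "file_delete",    "path": BASE + r"\mailpv.exe"},
    # Benign: runs but is never deleted.
    {"time": _t("10:05:00"), "type": "file_create",    "path": BASE + r"\updater.exe"},
    {"time": _t("10:05:03"), "type": "process_create", "path": BASE + r"\updater.exe"},
    # Benign: deleted without ever running.
    {"time": _t("10:06:00"), "type": "file_create",    "path": BASE + r"\tmp.exe"},
    {"time": _t("10:06:01"), "type": "file_delete",    "path": BASE + r"\tmp.exe"},
]

if __name__ == "__main__":
    for finding in find_drop_run_delete(SAMPLE):
        print(finding)
```

Because the tool is deleted after use, a file-presence check for mailpv.exe alone will miss an infection that has already harvested credentials; the sequence check works from historical events instead.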
Analysis by HeungSoo (David) Kang
Last update 09 November 2017