
PWS:Win32/Emotet.E


First posted on 09 November 2017.
Source: Microsoft

Aliases :

There are no other names known for PWS:Win32/Emotet.E.

Explanation :

Installation

This threat is installed by Trojan:Win32/Emotet.C.

It creates the following file on your PC:

  • %APPDATA%\mailpv.exe (detected as HackTool:Win32/Mailpassview)


HackTool:Win32/Mailpassview is deleted once your email account information has been stolen.

Payload


Steals your email account user names and passwords

This malware installs HackTool:Win32/Mailpassview onto your PC. This hacktool is run in a hidden window and collects your email credentials before being deleted by the malware.

The malware then connects to one of the following remote servers to send the stolen information:
  • 192.232.192.235
  • bardubar.com///smtp.php
  • bigbrotherswhitecarsite.eu///smtp.php
  • likesomthingstrongandculture.eu///smtp.php


The stolen email credentials are then used for sending spam emails that spread malware in the Win32/Emotet family.
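The behaviour described above gives a defender three concrete things to look for: mailpv.exe executing from %APPDATA%, connections to the listed IP address, and HTTP requests to the listed hosts for smtp.php. The script below is an added example of turning those indicators into a log-triage check; it is not part of Microsoft's write-up. It assumes a simple key=value telemetry format, that %APPDATA% expands to the usual \AppData\Roaming\ directory, and that the odd "///smtp.php" path in the write-up should be matched after collapsing repeated slashes. The sample log lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Indicators published in the PWS:Win32/Emotet.E description above.
DROPPED_FILE = "mailpv.exe"                  # dropped under %APPDATA%
APPDATA_MARKER = "\\appdata\\roaming\\"      # assumed expansion of %APPDATA% on a standard profile
C2_IP = "192.232.192.235"
C2_HOSTS = {
    "bardubar.com",
    "bigbrotherswhitecarsite.eu",
    "likesomthingstrongandculture.eu",
}
C2_SCRIPT = "smtp.php"

# Constructed sample telemetry in an assumed key=value format (not real logs).
SAMPLE_LOG = """\
2017-11-09 10:02:13 PROCESS_CREATE image=C:\\Users\\alice\\AppData\\Roaming\\mailpv.exe parent=C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe
2017-11-09 10:02:20 NET_CONNECT dst=192.232.192.235 dport=80 proc=invoice.exe
2017-11-09 10:02:21 HTTP_REQUEST host=bardubar.com path=///smtp.php method=POST
2017-11-09 10:05:00 HTTP_REQUEST host=www.example.com path=/index.html method=GET
2017-11-09 10:06:00 PROCESS_CREATE image=C:\\Windows\\System32\\notepad.exe parent=C:\\Windows\\explorer.exe
2017-11-09 10:07:00 PROCESS_CREATE image=C:\\Tools\\mailpv.exe parent=C:\\Windows\\explorer.exe
"""


@dataclass
class Hit:
    line_no: int
    rule: str
    line: str


_KV = re.compile(r"(\w+)=(\S+)")


def parse_fields(line: str) -> dict:
    """Turn 'k=v k2=v2 ...' into a dict; values are kept exactly as written."""
    return dict(_KV.findall(line))


def is_dropped_mailpv(image: str) -> bool:
    """mailpv.exe launched from %APPDATA%. The same tool run from elsewhere
    (e.g. an admin's tools folder) does not match this indicator."""
    img = image.lower()
    return img.endswith("\\" + DROPPED_FILE) and APPDATA_MARKER in img


def is_c2_endpoint(host: str, path: str = "") -> bool:
    """Host/IP match against the published servers. When a URL path is
    present, repeated slashes are collapsed so '///smtp.php' matches."""
    h = host.lower().rstrip(".")
    if h == C2_IP:
        return True
    norm_path = re.sub(r"/+", "/", path.lower())
    return h in C2_HOSTS and (not path or norm_path.endswith("/" + C2_SCRIPT))


def scan(lines: Iterable[str]) -> List[Hit]:
    """Apply the three indicator rules to each log line and collect hits."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        f = parse_fields(line)
        if "image" in f and is_dropped_mailpv(f["image"]):
            hits.append(Hit(n, "mailpv_from_appdata", line))
        if "dst" in f and is_c2_endpoint(f["dst"]):
            hits.append(Hit(n, "c2_ip", line))
        if "host" in f and is_c2_endpoint(f["host"], f.get("path", "")):
            hits.append(Hit(n, "c2_smtp_php", line))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG.splitlines()):
        print(f"line {h.line_no}: {h.rule}: {h.line}")
```

Run against the constructed log, the first three lines are flagged (dropped tool, C2 IP, C2 host with smtp.php) and the last line, mailpv.exe outside %APPDATA%, is deliberately not, since the write-up ties the indicator to the %APPDATA% drop location. Because the hacktool deletes itself once credentials are collected, process-creation telemetry like this is more reliable than a later file scan.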



Analysis by HeungSoo (David) Kang

Last update 09 November 2017
