
Infostealer.Posfind


First posted on 21 March 2015.
Source: Symantec

Aliases :

There are no other names known for Infostealer.Posfind.

Explanation :

When the Trojan is executed, it creates the following files (%System% is normally C:\Windows\System32 and %UserProfile% is the logged-on user's profile directory):
%System%\[RANDOM CHARACTERS].exe
%UserProfile%\[RANDOM CHARACTERS].exe

The Trojan then creates the following registry entries so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "%System%\[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "%System%\[RANDOM CHARACTERS].exe"

The Trojan then opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Gather payment card information
Log keystrokes

The Trojan then sends the stolen information to one of the following remote locations:
[http://]wondertechmy.com/pes/viewtopic.php [REMOVED]
[http://]wondertechmy.ru/pes/viewto[REMOVED]
[http://]wondwondnew.ru/pes/viewto[REMOVED]
[http://]etidfortgot.ru/pes1/viewto[REMOVED]
[http://]marisparbab.ru/pes1/viewto[REMOVED]
[http://]utdownhersning.com/pes1/viewto[REMOVED]
[http://]repherfeted.com/pes3/viewto[REMOVED]
[http://]hepretfortna.ru/pes3/viewto[REMOVED]
[http://]sivesuhat.ru/pes3/viewto[REMOVED]
[http://]pavesohap.com/pes4/viewto[REMOVED]
[http://]rechedtthaten.ru/pes4/viewto[REMOVED]
[http://]forttapaha.ru/pes4/viewto[REMOVED]
[http://]gutontredsup.com/pes6/viewto[REMOVED]
[http://]sedsoceheg.ru/pes6/viewto[REMOVED]
[http://]righletfoligh.ru/pes6/viewto[REMOVED]
[http://]ranferolto.com/pes7/viewto[REMOVED]
[http://]andbohemut.com/pes7/viewto[REMOVED]
[http://]leladingna.com/pes7/viewto[REMOVED]
[http://]bejustoftun.com/pes7/viewto[REMOVED]
[http://]betroninsi.com/pes7/viewto[REMOVED]
[http://]dilelanang.ru/pes7/viewto[REMOVED]
[http://]ftjuunbesto.ru/pes7/viewto[REMOVED]
[http://]stenfirthsta.com/pes8/viewto[REMOVED]
[http://]gantropine.com/pes8/viewto[REMOVED]
[http://]letgrownast.com/pes8/viewto[REMOVED]
[http://]nawertoby.com/pes8/viewtopic.php
[http://]windetrusty.com/pes8/viewto[REMOVED]
[http://]masquarten.com/pes9/viewto[REMOVED]
[http://]juindorey.com/pes9/viewto[REMOVED]
[http://]wekustines.ru/pes9/viewto[REMOVED]
[http://]saqunold.ru/pes9/viewto[REMOVED]
[http://]pomdonekw.ru/pes9/viewto[REMOVED]
[http://]polutenign.ru/pes12/viewto[REMOVED]
[http://]beritgusaf.ru/pes12/viewto[REMOVED]
[http://]silawecxla.ru/pes12/viewto[REMOVED]
[http://]latemiishe.ru/pes12/viewto[REMOVED]
[http://]qwertygontul.com/pes12/viewto[REMOVED]
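The list above is the part of this write-up that is directly actionable for network detection: every exfiltration URL is plain HTTP to one of the named hosts, with a path of the form /pes<N>/viewtopic.php. The following Python script is an added example, not part of the Symantec write-up, that turns those indicators into a proxy-log check. The host set is copied from the list; the path regex is an assumption that the family keeps the same /pes<N>/viewtopic.php layout on hosts not listed here; the Squid-style access log lines are constructed for the example and are not a real capture.

```python
import re
from typing import List, Optional
from urllib.parse import urlsplit

# C2 hosts taken from the list above (host part only; scheme and path dropped).
POSFIND_C2_HOSTS = {
    "wondertechmy.com", "wondertechmy.ru", "wondwondnew.ru", "etidfortgot.ru",
    "marisparbab.ru", "utdownhersning.com", "repherfeted.com", "hepretfortna.ru",
    "sivesuhat.ru", "pavesohap.com", "rechedtthaten.ru", "forttapaha.ru",
    "gutontredsup.com", "sedsoceheg.ru", "righletfoligh.ru", "ranferolto.com",
    "andbohemut.com", "leladingna.com", "bejustoftun.com", "betroninsi.com",
    "dilelanang.ru", "ftjuunbesto.ru", "stenfirthsta.com", "gantropine.com",
    "letgrownast.com", "nawertoby.com", "windetrusty.com", "masquarten.com",
    "juindorey.com", "wekustines.ru", "saqunold.ru", "pomdonekw.ru",
    "polutenign.ru", "beritgusaf.ru", "silawecxla.ru", "latemiishe.ru",
    "qwertygontul.com",
}

# Every listed URL has the shape /pes<N>/viewtopic.php (N is empty, 1, 3, 4, 6, 7, 8, 9
# or 12 on the page). Matching any digit run is an ASSUMPTION that unlisted hosts of the
# same family keep that layout; it is a weaker, host-independent signal.
C2_PATH_RE = re.compile(r"^/pes\d*/viewtopic\.php$")

# Squid native access log layout:
#   <timestamp> <elapsed> <client> <code/status> <bytes> <method> <url> <ident> <peer> <type>
# Only timestamp, client, method and URL are captured; the rest is skipped.
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)

# Constructed sample log lines for this example; not from any real environment.
SAMPLE_LOG = """\
1426900000.123    312 10.20.30.41 TCP_MISS/200 1450 POST http://wondertechmy.com/pes/viewtopic.php - DIRECT/203.0.113.10 text/html
1426900001.456     45 10.20.30.41 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/198.51.100.7 text/html
1426900002.789    298 10.20.30.52 TCP_MISS/200 1402 POST http://unlisted-host.example/pes3/viewtopic.php - DIRECT/203.0.113.11 text/html
1426900003.001     60 10.20.30.52 TCP_MISS/200 8800 GET http://forum.example.org/viewtopic.php?t=42 - DIRECT/198.51.100.9 text/html
""".splitlines()


def classify_request(url: str) -> Optional[str]:
    """Return 'known_c2' for a listed host, 'path_pattern' for an unlisted host that
    uses the /pes<N>/viewtopic.php layout over plain HTTP, or None for anything else."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in POSFIND_C2_HOSTS:
        return "known_c2"
    # The write-up only shows http://, so the weaker pattern match is restricted to it
    # to keep the false-positive surface small (ordinary forums serve viewtopic.php too).
    if parts.scheme == "http" and C2_PATH_RE.match(parts.path):
        return "path_pattern"
    return None


def scan_proxy_log(lines: List[str]) -> List[dict]:
    """Walk proxy log lines and return one record per request that looks like Posfind
    exfiltration, with the client IP so the infected POS host can be pulled for triage."""
    hits = []
    for line in lines:
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line; ignore rather than crash
        reason = classify_request(m.group("url"))
        if reason:
            hits.append({
                "ts": m.group("ts"),
                "client": m.group("client"),
                "method": m.group("method"),
                "url": m.group("url"),
                "reason": reason,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["client"]} {hit["method"]} {hit["url"]} [{hit["reason"]}]')
```

A 'known_c2' hit is high confidence and the client address is the host to isolate and image; a 'path_pattern' hit only says the URL shape matches and should be confirmed against the file and Run-key indicators above before acting on it. Hostnames are lowercased before lookup because the proxy may log whatever case the client sent.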

Last update 21 March 2015
