
Infostealer.Ecsudown


First posted on 24 July 2014.
Source: Symantec

Aliases :

There are no other names known for Infostealer.Ecsudown.

Explanation :

When the Trojan is executed, it creates the following file:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\mscsres.exe

The Trojan connects to one of the following servers:
p.googlecomjpus.com
c.goodfmm89.com
The Trojan monitors Internet Explorer and attempts to steal online banking credentials from specific websites.

The Trojan sends the stolen information to one of the following remote servers:
107.6.45.152
j.googlecomjpde.com
i.goodfmm88.com
The Trojan accesses one of the following websites to obtain an encrypted configuration file:
tt.hellokt888.com
ccclc8.com
ccclc9.com
Note: The configuration file contains a URL to an updated version of the Trojan.
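
The network indicators listed above can be matched against proxy or DNS logs. The following is an added example, not part of the original write-up. The log format (`timestamp client destination`), the role labels `c2`/`exfil`/`config`, and the choice to also match subdomains of the listed hostnames are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Indicators copied from the write-up above, grouped by the role it gives them.
INDICATORS = {
    "c2": {"p.googlecomjpus.com", "c.goodfmm89.com"},
    "exfil": {"107.6.45.152", "j.googlecomjpde.com", "i.goodfmm88.com"},
    "config": {"tt.hellokt888.com", "ccclc8.com", "ccclc9.com"},
}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True

def normalise(dest):
    """Lower-case, drop a :port suffix and a trailing dot so log variants compare equal."""
    host = dest.strip().lower()
    if host.count(":") == 1:  # host:port (a bare IPv6 address has several colons)
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def classify(dest):
    """Return the role of a listed host (or a subdomain of one), else None; the IP matches exactly."""
    host = normalise(dest)
    for role, values in INDICATORS.items():
        for ind in values:
            if host == ind or (not is_ip(ind) and host.endswith("." + ind)):
                return role
    return None

def scan(lines):
    """Parse 'timestamp client destination' lines; return (ts, client, host, role) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        role = classify(parts[2]) if len(parts) == 3 else None  # skip malformed lines
        if role:
            hits.append((parts[0], parts[1], normalise(parts[2]), role))
    return hits

# Constructed sample proxy/DNS log lines (not real telemetry).
SAMPLE_LOG = [
    "2014-07-24T09:00:07Z 10.0.0.5 TT.hellokt888.com.",
    "2014-07-24T09:01:12Z 10.0.0.5 107.6.45.152:443",
    "2014-07-24T09:02:30Z 10.0.0.9 notccclc8.com",
    "2014-07-24T09:03:44Z 10.0.0.9 cdn.ccclc9.com",
]
```

Calling `scan(SAMPLE_LOG)` returns three hits; the look-alike `notccclc8.com` is not flagged because matching is done on whole DNS labels.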

Last update 24 July 2014

 
