
Infostealer.Morstup


First posted on 04 December 2014.
Source: Symantec

Aliases:

There are no other names known for Infostealer.Morstup.

Explanation:

When the Trojan is executed, it creates the following files:
- %UserProfile%\Application Data\[RANDOM CHARACTERS].vbs
- %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].bat
- %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\[RANDOM CHARACTERS].exe

The Trojan may then perform the following actions:
- Inject malicious code into Internet Explorer, Chrome, and Firefox.
- Modify browser settings to disable the SPDY protocol.
- Hook network API to intercept outbound HTTP traffic.

The Trojan then sends the intercepted traffic to the following remote location: [http://]www.moraisefernandes.com.br/test/gate[REMOVED]
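
A triage sketch for the three file locations listed above, added here as an example and not Symantec's code: it matches already-expanded paths from a recursive file listing against those three shapes. The sample listing, user name and file names are constructed, and because the write-up does not describe the random names, any file name with the right extension in the right folder is treated as a match (an assumption).

```python
from pathlib import PureWindowsPath

# Folder chain the page gives for the All Users Startup folder (lower-cased).
STARTUP_TAIL = ("all users", "start menu", "programs", "startup")


def _ends_with(path, tail):
    """True if the last components of `path` equal `tail`, ignoring case."""
    parts = tuple(part.lower() for part in path.parts)
    return parts[-len(tail):] == tail


def classify(raw):
    """Return which of the page's three file shapes a path matches, or None."""
    p = PureWindowsPath(raw)
    ext = p.suffix.lower()
    if ext == ".vbs" and p.parent.name.lower() == "application data":
        return "vbs-in-application-data"
    if ext == ".exe" and _ends_with(p.parent, STARTUP_TAIL):
        return "exe-in-startup"
    if ext == ".bat" and _ends_with(p.parent.parent, STARTUP_TAIL):
        return "bat-in-startup-subfolder"
    return None


def triage(listing):
    """Group the matching lines of a recursive file listing by shape."""
    hits = {}
    for line in listing.splitlines():
        label = classify(line.strip()) if line.strip() else None
        if label:
            hits.setdefault(label, []).append(line.strip())
    return hits


# Constructed sample listing (hypothetical user and file names).
SAMPLE = r"""
C:\Documents and Settings\alice\Application Data\qwhzkd.vbs
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xkqpwm\jrtvbn.bat
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\mzlqae.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\alice\Application Data\Mozilla\Firefox\profiles.ini
C:\Documents and Settings\alice\My Documents\report.vbs
"""

if __name__ == "__main__":
    for label, paths in triage(SAMPLE).items():
        for path in paths:
            print(f"{label}: {path}")
```

A match is a lead for triage, not a verdict: the patterns are deliberately broad, so confirm each hit against the rest of the behaviour described here before acting on it.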

Last update 04 December 2014

 
