
Trojan.Spygate


First posted on 20 November 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Spygate.

Explanation :

When the Trojan is executed, it creates the following files:

- %SystemDrive%\Documents and Settings\All Users\Application Data\Micro\Server.exe
- %Temp%\Micro\Server.exe
- %SystemDrive%\Documents and Settings\All Users\Micro\Server.exe
- %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\[RANDOM FILE NAME].exe

The Trojan then creates files in the following folder:

- %SystemDrive%\Documents and Settings\All Users\Templates

Next, the Trojan creates the following registry entry:

- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Server" = "[PATH TO THREAT].exe"

The Trojan then gathers the following computer information:

- Operating system type
- Language
- Computer name

The Trojan may then perform the following actions:

- Connect to remote locations as specified by the attacker
- Capture screenshots
- Log keystrokes
- Gather passwords stored in web browsers
- Display and end processes
- List files and registry entries
- Restart computer
- Log out users
- Spread to USB drives
- Update itself
- Send messages through chat programs
- Open web pages in browsers
- Run executables and scripts
- Uninstall server
- Delete itself
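
The file and registry indicators listed above can be matched against endpoint telemetry and correlated per host. The following Python is an added example, not Symantec's code; the event field names, host names, sample events, and the treatment of %Temp% as any path ending in \Temp are assumptions, as is the sensor logging paths in the form written above.

```python
import re
from collections import defaultdict

# Indicators from the write-up; drive letter and %Temp% expansion are left open.
FILE_PATTERNS = {
    "micro_appdata": r"\\Documents and Settings\\All Users\\Application Data\\Micro\\Server\.exe$",
    "micro_temp": r"\\Temp\\Micro\\Server\.exe$",  # assumption: %Temp% ends in \Temp
    "micro_allusers": r"\\Documents and Settings\\All Users\\Micro\\Server\.exe$",
    "startup_exe": r"\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$",
    "templates_drop": r"\\Documents and Settings\\All Users\\Templates\\[^\\]+$",
}
FILE_RX = {name: re.compile(rx, re.IGNORECASE) for name, rx in FILE_PATTERNS.items()}
# HKCU may be logged as HKEY_CURRENT_USER, HKCU, or HKU\<SID> depending on the sensor.
RUN_KEY_RX = re.compile(
    r"^(HKEY_CURRENT_USER|HKCU|(HKEY_USERS|HKU)\\S-[0-9-]+)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.IGNORECASE)
WEAK = {"startup_exe", "templates_drop"}  # seen on clean hosts too; never "high" alone

def classify(event):
    """Return the name of the indicator an event matches, or None."""
    if event["type"] == "file_create":
        for name, rx in FILE_RX.items():
            if rx.search(event["path"]):
                return name
    elif event["type"] == "reg_set":
        if (RUN_KEY_RX.match(event["key"]) and event["value"].lower() == "server"
                and event["data"].strip('"').lower().endswith(".exe")):
            return "run_server"
    return None

def triage(events):
    """Group hits per host: 'high' needs a non-weak indicator, else 'low'."""
    hits = defaultdict(set)
    for ev in events:
        name = classify(ev)
        if name:
            hits[ev["host"]].add(name)
    return {host: ("high" if names - WEAK else "low", sorted(names))
            for host, names in hits.items()}

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "ws-01", "type": "file_create",
     "path": r"C:\Documents and Settings\All Users\Application Data\Micro\Server.exe"},
    {"host": "ws-01", "type": "reg_set",
     "key": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Server", "data": r"C:\Documents and Settings\All Users\Micro\Server.exe"},
    {"host": "ws-02", "type": "file_create",
     "path": r"C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\updater.exe"},
]
```

Calling `triage(SAMPLE)` rates ws-01 as high and ws-02 as low, because an executable in the Startup folder on its own is not specific to this threat.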

Last update 20 November 2014
