Infostealer.Banload
First posted on 30 October 2015.
Source: Symantec
Aliases:
There are no other names known for Infostealer.Banload.
Explanation:
The Trojan may arrive on the compromised computer through spam emails.
When the Trojan is executed, it may create the following file:
%SystemDrive%\ProgramData\nutray.exe
The Trojan may create the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"COM+" = "%SystemDrive%\ProgramData\nutray.exe"
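A triage check for the file and Run entry listed above, as an added example that is not part of the Symantec write-up: it parses saved `reg query` output for the HKCU Run key and flags the "COM+" value name and the nutray.exe path. The sample output, the default values for the environment variables, and the "executable directly in the ProgramData root" heuristic are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath
# Indicators taken from the write-up above.
IOC_VALUE_NAME = "COM+"
IOC_FILE_NAME = "nutray.exe"
# Assumption: default Windows values for variables a Run entry may contain.
ENV = {"systemdrive": "C:", "programdata": r"C:\ProgramData"}
PROGRAMDATA = PureWindowsPath(ENV["programdata"])
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def target_path(data):
    """Expand known %VARS% and return the launched executable without arguments."""
    data = re.sub(r"%(\w+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), data).strip()
    if data.startswith('"'):
        exe = data[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)(?=\s|$)", data, re.I)
        exe = m.group(1) if m else data.split(" ", 1)[0]
    return PureWindowsPath(exe)

def scan_run_key(reg_query_output):
    """Return (value name, path, reasons) for every Run value worth reviewing."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _, data = m.groups()
        path = target_path(data)
        in_root = path.parent == PROGRAMDATA  # PureWindowsPath compares case-insensitively
        reasons = []
        if name.casefold() == IOC_VALUE_NAME.casefold():
            reasons.append("ioc-value-name")
        if in_root and path.name.casefold() == IOC_FILE_NAME:
            reasons.append("ioc-file-path")
        if in_root:
            reasons.append("exe-in-programdata-root")  # heuristic, not from the write-up
        if reasons:
            findings.append((name, str(path), reasons))
    return findings

# Constructed sample of `reg query` output for the HKCU Run key (not from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    COM+    REG_SZ    %SystemDrive%\ProgramData\nutray.exe
    Updater    REG_SZ    C:\programdata\svc.exe -q
"""
```

Calling `scan_run_key(SAMPLE)` reports the "COM+" entry with both indicator reasons and the "Updater" entry with the heuristic reason only; the OneDrive entry is not reported.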
The Trojan may open a back door, and connect to one of the following remote locations:
[http://]smartcell.webcindario.com/acess[REMOVED]
[http://]marmitariakisabor.com/oficial/acess[REMOVED]
The Trojan may steal the following information from browser pages with banking related strings present:
Usernames
Passwords
The Trojan may download other potentially malicious files.
Last update 30 October 2015