
Infostealer.Drigo


First posted on 06 November 2014.
Source: Symantec

Aliases:

There are no other names known for Infostealer.Drigo.

Explanation:

When the Trojan is executed, it may create the following files:

C:\recycled
%UserProfile%\PrintHood\Hood

The Trojan creates the following registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[FILE NAME]" = "C:\[FILE PATH]\[FILE NAME].exe"

The Trojan connects to the following remote location to send data to a Google Drive account:

accounts.google.com

The Trojan looks for certain file types, including the following, to upload them to a Google Drive account:

.doc
.docx
.xls
.xlsx
.ppt
.pptx
.pdf
.txt

Last update 06 November 2014
