Trojan.Bernpos
First posted on 16 July 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Bernpos.
Explanation:
When the Trojan is executed, it creates the following mutex: OPSEC_BERNHARD
The Trojan then creates the following mailslot: \\.\mailslot\ww2
Next, the Trojan creates the following registry entry so that it runs every time Windows starts: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"coreService" = "[MALWARE PATH].exe"
The Trojan then registers itself for scheduled tasks.
Next, the Trojan injects itself into other processes and attempts to steal credit card numbers.
The Trojan then sends the stolen data to the following IP address: 5.101.147.126
Last update 16 July 2015
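The following detection sketch is an added example, not part of the original write-up. It matches the Run value and the IP address listed above against events that are assumed to be Sysmon records (Event ID 13 registry value set, Event ID 3 network connection) already parsed into dictionaries. The hosts, SID and file paths in the sample events are constructed, and the mutex and mailslot are not covered because these two event types do not record them.

```python
import ipaddress
import re

# Indicators from the write-up above.
RUN_VALUE = "coreservice"                       # compared case-insensitively
C2_IP = ipaddress.ip_address("5.101.147.126")
# HKCU is logged by Sysmon as HKU\<user SID>\..., so anchor on the key suffix.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run\\([^\\]+)$", re.I)

def match_event(event):
    """Return a finding string if the event matches an indicator, else None."""
    if event.get("EventID") == 13:              # registry value set
        m = RUN_KEY_RE.search(event.get("TargetObject", ""))
        if m and m.group(1).lower() == RUN_VALUE:
            return "persistence: Run value coreService = " + event.get("Details", "?")
    elif event.get("EventID") == 3:             # network connection
        try:
            dest = ipaddress.ip_address(event.get("DestinationIp", ""))
        except ValueError:
            return None
        dest = getattr(dest, "ipv4_mapped", None) or dest   # ::ffff:a.b.c.d form
        if dest == C2_IP:
            return "exfiltration: connection to 5.101.147.126 by " + event.get("Image", "?")
    return None

def scan(events):
    """Return (computer, finding) pairs for every matching event."""
    return [(e.get("Computer", "?"), f) for e in events if (f := match_event(e))]

# Constructed sample events (hosts, SID and paths are made up for illustration).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
RUN = "HKU\\" + SID + "\\Software\\Microsoft\\Windows\\CurrentVersion\\"
SAMPLE_EVENTS = [
    {"Computer": "POS-01", "EventID": 13, "TargetObject": RUN + "Run\\coreService",
     "Details": "C:\\Users\\till\\AppData\\Roaming\\example.exe"},
    {"Computer": "POS-01", "EventID": 3, "DestinationIp": "::ffff:5.101.147.126",
     "Image": "C:\\Windows\\explorer.exe"},
    {"Computer": "POS-02", "EventID": 13, "TargetObject": RUN + "RunOnce\\coreService",
     "Details": "C:\\Temp\\setup.exe"},
    {"Computer": "POS-02", "EventID": 3, "DestinationIp": "5.101.147.12",
     "Image": "C:\\Program Files\\Updater\\upd.exe"},
]

if __name__ == "__main__":
    for computer, finding in scan(SAMPLE_EVENTS):
        print(computer, finding)
```

The RunOnce entry and the near-miss address on POS-02 are included to show that the key suffix and the full address must both match exactly.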