Home / malware TrojanSpy:Win32/Bancos.XN
First posted on 15 March 2017.
Source: MicrosoftAliases :
There are no other names known for TrojanSpy:Win32/Bancos.XN.
Explanation :
Installation
This threat may arrive as an attachment with the following file name from a spam email:
- Income Tax Receipt.scr
It also drops the following file copy of itself in the Startup folder o the malicious file runs everytime you start your PC.
- <%user%>\Start Menu\Programs\Startup\plutedxd.exe
Payload
Collects your sensitive information
This threat monitors all your keystroke on the system to collect your sensitive information without your consent. This can include:
- The keys you press
- The applications you open
- Your web browsing history
- Your credit card information
- Your user names and passwords
Connects to a remote host
We have seen this threat connect to a remote host, including:It connects to a remote host to send information taken from your PC such as your computer name and user name
- [hXXp]://goodigbe.com/mouse.php
This malware description was published using file SHA1 89c5248a989c79fdff943c7c896aeaee4175730d.
Analysis by Francis Tan SengLast update 15 March 2017
