Infostealer.Drigo
First posted on 06 November 2014.
Source: Symantec
Aliases :
There are no other names known for Infostealer.Drigo.
Explanation :
When the Trojan is executed, it may create the following files:
C:\recycled
%UserProfile%\PrintHood\Hood
The Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[FILE NAME]" = "C:\[FILE PATH]\[FILE NAME].exe"
The Trojan connects to the following remote location to send data to a Google Drive account:
accounts.google.com
The Trojan looks for certain file types, including the following, to upload them to a Google Drive account:
.doc
.docx
.xls
.xlsx
.ppt
.pptx
.pdf
.txt
Last update 06 November 2014