Infostealer.Escelar
First posted on 13 May 2015.
Source: Symantec
Aliases:
There are no other names known for Infostealer.Escelar.
Explanation:
The Trojan is downloaded by Downloader.Escelar.
When the Trojan is executed, it may create the following files:
%Temp%\[COMPROMISED HOST NAME].exe
%Temp%\JCS.Components.NeroBar.dll
The Trojan connects to a compromised remote location.
The Trojan may then perform the following actions on the compromised computer:
Collect information from the compromised computer such as hard drive serial numbers, processor information, memory information, and operating system information
Perform SQL queries to save stolen data on a remote SQL Server
Disable the GBPlugin (used by some people to protect their internet banking sessions)
Take screenshots
Restart the computer
Get the X Y coordinates of the compromised computer's mouse movements
The Trojan also steals online banking credentials entered on the following websites:
https://internetbanking.caixa.gov.br/SIIBC/index.processa
http://www.bradesco.com.br/
http://www.bb.com.br/
https://www.itau.com.br/
http://www.santanderempresarial.com.br/
https://www.sicredi.com.br
Last update 13 May 2015