
Trojan.Gatak.B


First posted on 17 June 2015.
Source: Symantec

Aliases :

There are no other names known for Trojan.Gatak.B.

Explanation :

When this Trojan is executed, it injects itself into the following process: explorer.exe
Next, the Trojan gathers the following information from the compromised computer:
- Passwords
- Licensing information
- User information
- Browser history
- System information
- Hardware information
The Trojan connects to a number of remote HTTP locations.
The Trojan may also perform the following actions:
- Send gathered information to attacker's remote locations
- Download additional modules that are embedded in images
- Detect the presence of analysis software in memory

Last update 17 June 2015

 
