
Infostealer.Donpos


First posted on 19 November 2015.
Source: Symantec

Aliases:

There are no other names known for Infostealer.Donpos.

Explanation:

The Trojan may arrive on the compromised computer after being downloaded by exploit kits or other malicious files.

When the Trojan is executed, it creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"chrome": "%CurrentFolder%\[RANDOM FILE NAME]"

The Trojan creates the following mutexes:
devil_host
DeviL_Task

The Trojan may perform the following actions:
Inject a thread into all running processes, except for itself
Steal credit card information from the memory of all running processes

The Trojan may send the stolen information to one of the following remote locations:
50.7.138.138
91.234.34.44
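
A triage check for the registry entry and remote locations listed above, as an added example that is not part of the original write-up. It parses saved `reg query` output for a Run value named "chrome" and scans firewall log lines for the two destination addresses; the sample data, the function names and the Windows Firewall log field order are assumptions made for the example.

```python
import ipaddress
import re

# Indicators taken from the write-up above.
RUN_VALUE_NAME = "chrome"
C2_ADDRESSES = {ipaddress.ip_address(a) for a in ("50.7.138.138", "91.234.34.44")}

# Constructed sample of `reg query` output for the HKLM Run key (not real data).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    chrome    REG_SZ    C:\Users\pos\AppData\Local\Temp\kqzvbd.exe
"""

# Constructed lines; assumed field order: date time action proto src dst sport dport ...
SAMPLE_FW = """\
2015-11-19 10:12:01 ALLOW TCP 192.168.1.20 93.184.216.34 49210 443 0 - 0 0 0 - - - SEND
2015-11-19 10:12:07 ALLOW TCP 192.168.1.20 50.7.138.138 49213 80 0 - 0 0 0 - - - SEND
2015-11-19 10:13:30 DROP TCP 192.168.1.20 91.234.34.44 49220 80 0 - 0 0 0 - - - SEND
"""

REG_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")

def suspicious_run_values(reg_output):
    """Return (name, data) for every Run value named "chrome" (any case)."""
    hits = []
    for line in reg_output.splitlines():
        m = REG_LINE.match(line)
        if m and m.group("name").lower() == RUN_VALUE_NAME:
            hits.append((m.group("name"), m.group("data").strip()))
    return hits

def c2_connections(fw_log):
    """Return (timestamp, action, dst) for lines whose destination is a listed address."""
    hits = []
    for line in fw_log.splitlines():
        f = line.split()
        if len(f) < 8 or line.startswith("#"):
            continue  # header, comment or truncated line
        try:
            dst = ipaddress.ip_address(f[5])
        except ValueError:
            continue  # destination field is not an IP address
        if dst in C2_ADDRESSES:
            hits.append((f"{f[0]} {f[1]}", f[2], str(dst)))
    return hits

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_REG), c2_connections(SAMPLE_FW))
```

A Run value named "chrome" is a lead to review rather than proof of infection; the path it points to is what to examine next.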

Last update 19 November 2015

 
