
TrojanSpy:Win32/Logedrut.A


First posted on 04 February 2015.
Source: Microsoft

Aliases:

There are no other names known for TrojanSpy:Win32/Logedrut.A.

Explanation:

Threat behavior

Installation

This threat can be installed on your PC by Trojan:Win32/Logedrut.A using the following file name:

  • \mstask.bat


Payload

Collects information from your email client

This threat looks for email clients installed on your PC by checking the following registry entry:

  • HKLM\SOFTWARE\Clients\Mail


It then collects stored email information from any mail clients, including:

  • Email message subjects
  • Folder locations and names
  • Sender and recipient email addresses
  • The number of stored emails
  • The time emails were received


It creates the file frutlog.txt to store the stolen information and uses TrojanDownloader:MSIL/Logedrut.A to upload it to a malicious hacker.



Analysis by Zarestel Ferrer

Symptoms

The following can indicate that you have this threat on your PC:

  • You have these files:

    frutlog.txt
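
A sweep for the two file names given above, written as an added example (it is not part of the Microsoft write-up). The event format, host names and folder paths are constructed for illustration; because the write-up does not state the folders, matching is on the base name only.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File names taken from the write-up. The folders are not stated there, so
# matching is on the base name only, case-insensitively (as Windows treats them).
INDICATORS = {"mstask.bat": "installed copy", "frutlog.txt": "collected mail data"}

# Constructed sample file-creation events: (host, full path). Paths are made up.
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Users\alice\AppData\Roaming\MSTASK.BAT"),
    ("WS-01", r"C:\Users\alice\AppData\Roaming\frutlog.txt"),
    ("WS-02", r"C:\Windows\System32\mstask.dll"),      # different file, no match
    ("WS-02", r"D:\projects\notes\frutlog.txt.bak"),   # different base name
    ("WS-03", r"C:\Temp\frutlog.txt"),
]

def sweep(events):
    """Return {host: {indicator_name: [paths]}} for every base-name match."""
    hits = defaultdict(lambda: defaultdict(list))
    for host, path in events:
        # PureWindowsPath parses backslash paths on any OS.
        name = PureWindowsPath(path).name.lower()
        if name in INDICATORS:
            hits[host][name].append(path)
    return {host: dict(found) for host, found in hits.items()}

def triage(hits):
    """A file name alone is a weak signal; both names on one host is stronger."""
    return {host: ("high" if len(found) == len(INDICATORS) else "review")
            for host, found in hits.items()}

if __name__ == "__main__":
    found = sweep(SAMPLE_EVENTS)
    for host, level in sorted(triage(found).items()):
        for name, paths in sorted(found[host].items()):
            for p in paths:
                print(f"{host} [{level}] {INDICATORS[name]}: {p}")
```
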

Last update 04 February 2015

 
