Trojan.Spygate
First posted on 20 November 2014.
Source: Symantec
Aliases:
There are no other names known for Trojan.Spygate.
Explanation:
When the Trojan is executed, it creates the following files:
%SystemDrive%\Documents and Settings\All Users\Application Data\Micro\Server.exe
%Temp%\Micro\Server.exe
%SystemDrive%\Documents and Settings\All Users\Micro\Server.exe
%SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\[RANDOM FILE NAME].exe
The Trojan then creates files in the following folder: %SystemDrive%\Documents and Settings\All Users\Templates
Next, the Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Server" = "[PATH TO THREAT].exe"
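The file and registry artifacts listed above can be checked on a host with a short PowerShell function. This is an added example, not part of the original write-up or any Symantec tooling; the function name Find-SpygateArtifact and its parameters are hypothetical, and the paths are used exactly as the write-up gives them.

```powershell
# Added example (not from the original write-up). Find-SpygateArtifact and its
# parameters are hypothetical names; paths and the "Server" value are from the page.
function Find-SpygateArtifact {
    [CmdletBinding()]
    param(
        [string]$SystemDrive = $env:SystemDrive,
        [string]$TempDir     = $env:TEMP
    )
    $docs = Join-Path $SystemDrive 'Documents and Settings'

    # 1. Fixed-name copies of the threat.
    $dropPaths = @(
        (Join-Path $docs    'All Users\Application Data\Micro\Server.exe'),
        (Join-Path $TempDir 'Micro\Server.exe'),
        (Join-Path $docs    'All Users\Micro\Server.exe')
    )
    foreach ($path in $dropPaths) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Location = $path; Detail = 'Dropped copy' }
        }
    }

    # 2. Randomly named .exe in the Startup folder: list every .exe for review.
    $startup = Join-Path $docs 'Administrator\Start Menu\Programs\Startup'
    if (Test-Path -LiteralPath $startup -PathType Container) {
        Get-ChildItem -LiteralPath $startup -Filter '*.exe' -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Type = 'Startup'; Location = $_.FullName
                                   Detail = "Created $($_.CreationTime)" }
            }
    }

    # 3. Run value "Server" (HKCU covers only the user running this check).
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'Server' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Type = 'Registry'; Location = "$runKey\Server"; Detail = $run.Server }
    }
}

# A hit is a triage lead, not proof: a "Server" Run value or a Startup .exe
# is not unique to this threat.
Find-SpygateArtifact | Format-Table -AutoSize -Wrap
```

Because the Run entry is under HKEY_CURRENT_USER and one dropped copy is under %Temp%, run the check in the context of each user profile being examined.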
The Trojan then gathers the following computer information:
Operating system type
Language
Computer name
The Trojan may then perform the following actions:
Connect to remote locations as specified by the attacker
Capture screenshots
Log keystrokes
Gather passwords stored in web browsers
Display and end processes
List files and registry entries
Restart computer
Log out users
Spread to USB drives
Update itself
Send messages through chat programs
Open web pages in browsers
Run executables and scripts
Uninstall server
Delete itself

Last update 20 November 2014