TrojanSpy.Win64.CONFLOAD.A

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Übertragungsdetails

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

Schleust die folgenden Dateien ein:

• {Malware Path}\error.txt ← Logs the error encountered

Datendiebstahl

Folgende Daten werden gesammelt:

• Browser data (Google Chrome, Microsoft Edge, Opera, Brave, Firefox):
  • Profiles
  • Login Data
  • Network Cookies
  • Local Extension Settings
• Browser data for each profile from Google Chrome, Microsoft Edge, Opera, Brave:
  • Name
  • Database
  • Cookies
  • Folder
  • Extensions
• Browser profile data from Mozilla Firefox:
  • Certificates
  • Cookies
  • Keys
  • Login data
• Maachine SID, GUID, and Key
• The following can also be gathered depending on the settings in the configuration file:
  • Cryptocurrency browser wallet extension
  • Browse for specific files
  • Browse for files that contains certain strings in their filename
  • Browse for specific folders
  • Browse for files based on a max size setting

Entwendete Daten

Die entwendeten Informationen werden in der folgenden Datei gespeichert:

• {Host IP}.json.xz

Andere Details

Es macht Folgendes:

• It requires the following files to proceed to its routine:
  • {Malware Path}\remote_config.json ← configuration file
  • {Malware Path}\{"target" file name specified in remote_config.json} ← list of targeted hosts
• It connects to the list of targeted hosts via SMB share.