HKTL_ELITESTEAL

This hacking tool may be manually installed by a user.

It gathers certain information on the affected computer. It retrieves specific information from the affected system.

Arrival Details

This hacking tool may be manually installed by a user.

Installation

This hacking tool drops the following files:

• %User Temp%\{COMPUTER NAME} - contains collected information
• %User Temp%\winlogin.exe - non malicious file
• {Malware Path}\Server.exe

(Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)

Information Theft

This hacking tool gathers the following information on the affected computer:

• Mozilla Firefox
• ICQ
• Opera
• Safari
• Google Chrome
• MSN
• Steam Username
• jDownloader
• FileZilla
• Pidgin

It retrieves the following information from the affected system:

• Current Time and Date
• Computer Name
• OS Version
• Product Key
• IP Address

Other Details

This hacking tool connects to the following URL(s) to get the affected system's IP address:

• automation.whatsmyip.com

It displays the following images:

NOTES:

Its routines does the following:

• Check FTP Connection - creates Testlog.txt to FTP location
• Check PHP Connection - creates Testlog to Panel
• Build Stealer Button - {Malware Path}\Server.exe is dropped