
What will be the impact of the new Trojan InnfiRAT?

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article covers the impact of the new Trojan InnfiRAT: what it does once it runs on a host, which data it steals, and the indicators that can be used to spot it.

Background

Foreign security researchers have exposed a new Trojan called InnfiRAT. It is written in .NET and, among other behaviours, steals user information, grabs browser cookies to steal passwords, captures the screen, and downloads and executes additional malicious files. The Trojan also searches the host for cryptocurrency wallet data in order to steal cryptocurrency (Litecoin and Bitcoin).

Functional analysis

The Trojan process first checks whether its own path is %AppData%\NvidiaDriver.exe. If not, it terminates any process named NvidiaDriver.exe, copies itself to %AppData%\NvidiaDriver.exe, and executes the copy:

After re-running as NvidiaDriver.exe, it assembles a piece of base64-encoded data, decodes it into a PE file, and loads that file into memory for execution:

It collects host information and checks whether the Manufacturer field contains strings associated with virtual machines, as an anti-VM check:

It creates a DuplexChannelFactory to communicate with the C&C server at:

tcp://62[.]210[.]142[.]219:17231/Ivictim

It checks whether any processes belonging to known analysis tools are running and, if so, terminates itself:

It creates a scheduled task that executes the Trojan:

It downloads and executes files from a URL supplied by the C&C server:

It steals the client's UserProfile information:

It steals cookie information from the following browsers:

Chrome, Yandex, Kometa, Amigo, Torch, Orbitum, Opera

It steals cryptocurrency wallet information:

IOCs

MD5: F992dd6dbe1e065dff73a20e3d7b1eef

URL: tcp://62.210.142.219:17231/IVictim
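The indicators above can be turned into a simple host-triage check. The following script is an added example and not part of the original article or the researchers' tooling; it assumes the inputs are a dictionary of file paths to file contents, a list of scheduled-task action strings, and netstat-style connection lines (the sample data in the block is constructed).

```python
import hashlib

# Indicators taken from the article above.
IOC_MD5 = "f992dd6dbe1e065dff73a20e3d7b1eef"
IOC_C2_HOST, IOC_C2_PORT = "62.210.142.219", 17231
# The Trojan copies itself to %AppData%\NvidiaDriver.exe for persistence.
DROP_NAME = "nvidiadriver.exe"


def check_files(files):
    """files: {path: bytes}. Flags the persistence path and the known MD5."""
    findings = []
    for path, data in files.items():
        p = path.replace("/", "\\").lower()
        # %AppData% resolves to ...\AppData\Roaming on Windows.
        if "\\appdata\\roaming\\" in p and p.endswith("\\" + DROP_NAME):
            findings.append(f"drop path: {path}")
        if hashlib.md5(data).hexdigest() == IOC_MD5:
            findings.append(f"hash match: {path}")
    return findings


def check_tasks(tasks):
    """tasks: scheduled-task action strings (e.g. from `schtasks /query /v`)."""
    return [t for t in tasks if DROP_NAME in t.lower()]


def check_connections(conns):
    """conns: netstat-style lines; flags sockets to the article's C&C endpoint."""
    needle = f"{IOC_C2_HOST}:{IOC_C2_PORT}"
    return [c for c in conns if needle in c]


# Constructed sample data (not real artifacts from an infected host).
SAMPLE_FILES = {
    r"C:\Users\alice\AppData\Roaming\NvidiaDriver.exe": b"constructed sample",
    r"C:\Windows\System32\notepad.exe": b"benign",
}
SAMPLE_TASKS = [r"C:\Users\alice\AppData\Roaming\NvidiaDriver.exe",
                r"C:\Windows\System32\svchost.exe -k netsvcs"]
SAMPLE_CONNS = ["TCP 10.0.0.5:51234 62.210.142.219:17231 ESTABLISHED",
                "TCP 10.0.0.5:51235 93.184.216.34:443 ESTABLISHED"]

if __name__ == "__main__":
    for f in check_files(SAMPLE_FILES) + check_tasks(SAMPLE_TASKS) + check_connections(SAMPLE_CONNS):
        print("HIT:", f)
```

The constructed file content deliberately does not hash to the article's MD5, so only the path, task and connection indicators fire on the sample data.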
