%USERPROFILE%\AppData\Roaming\Mozilla\SEAMONKEY\PROFILES.INI %USERPROFILE%\AppData\Local\COOWON\COOWON\USER DATA %USERPROFILE%\AppData\Local\QIP SURF\USER DATA %USERPROFILE%\AppData\Local\FENRIR INC\SLEIPNIR5\SETTING\MODULES\CHROMIUMVIEWER %USERPROFILE%\AppData\Local\LIEBAO\USER DATA %USERPROFILE%\AppData\Local\CATALINAGROUP\CITRIO\USER DATA %USERPROFILE%\AppData\Local\VIVALDI\USER DATA %USERPROFILE%\AppData\Local\UCOZMEDIA\URAN\USER DATA %USERPROFILE%\AppData\Local\SPUTNIK\SPUTNIK\USER DATA %USERPROFILE%\AppData\Local\ORBITUM\USER DATA %USERPROFILE%\AppData\Local\KOMETA\USER DATA %USERPROFILE%\AppData\Local\EPIC PRIVACY BROWSER\USER DATA %USERPROFILE%\AppData\Local\ELEMENTS BROWSER\USER DATA %USERPROFILE%\AppData\Local\COCCOC\BROWSER\USER DATA %USERPROFILE%\AppData\Local\CHEDOT\USER DATA %USERPROFILE%\AppData\Local\CENTBROWSER\USER DATA %USERPROFILE%\AppData\Local\BRAVESOFTWARE\BRAVE-BROWSER\USER DATA %USERPROFILE%\AppData\Local\AMIGO\USER DATA %USERPROFILE%\AppData\Local\7STAR\7STAR\USER DATA %USERPROFILE%\AppData\Local\TORCH\USER DATA %USERPROFILE%\AppData\Local\CHROMIUM\USER DATA %USERPROFILE%\AppData\Local\MAPLESTUDIO\CHROMEPLUS\USER DATA %USERPROFILE%\AppData\Local\COMODO\DRAGON\USER DATA %USERPROFILE%\AppData\Local\IRIDIUM\USER DATA %USERPROFILE%\AppData\Local\360CHROME\CHROME\USER DATA %USERPROFILE%\AppData\Local\YANDEX\YANDEXBROWSER\USER DATA %USERPROFILE%\AppData\Roaming\OPERA SOFTWARE\OPERA STABLE\LOGIN DATA %USERPROFILE%\AppData\Local\TENCENT\QQBROWSER\USER DATA\DEFAULT\ENCRYPTEDSTORAGE %USERPROFILE%\AppData\Roaming\Mozilla\Firefox\Profiles\\LOGINS.JSON %USERPROFILE%\AppData\Local\Google\Chrome\User Data\LOGIN DATA Many credentials databases and files are tested by the malware. The list of searched files and registry keys is interesting. ![]() The payload is unknown on VT at this time. This file format remains common in phishing campaigns because the detection rate is lower at email gateways (many of them can’t handle the file format). ![]() ![]() The malware is delivered in an ACE archive. Here is another found that also exfiltrate data. Yesterday, I posted a quick analysis of a malicious document that exfiltrates data from the compromised computer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |