Trojan-Banker.Win32.Banker.ra

Summary

• Trojan-Banker. Steals confidential information from banks, financial institutions and payment systems

• Implements network activity

• Performs potentially dangerous activity

Technical details

File size of 676352 bytes.

Installation

Makes copies of itself with the following names once launched:

• Windows system directory (usually, C:\Windows\System32) %System%\lsass.scr

Ensures Using the system registry, system services or special system files, the program can launch itself or launch the creation of its files every time the Windows OS is subsequently booted autorun of the following installed files:

by adding values to autorun keys in the system registry:

[ System registry hive HKEY_LOCAL_MACHINEHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ] "<­file of source program ­>" = " Windows system directory (usually, C:\Windows\System32) %System%\lsass.scr"

Malicious activity

Steals confidential user information from A malicious program designed to steal user information related to banking and electronic payment systems and bank cards. The information is sent to a cybercriminal via email, ftp, the web or other methods.
Read more details here: http://www.viruslist.com/en/analysis?pubid=204792037the following banks, financial institutions, payment systems:

• Bradesco group
• Caixa
• Banco Santander group
• ABN AMRO banking group
• Unibanco
• Banco do Brasil

Connects to to the following Internet addresses:

• ***.221.4.5:28160

Other activities

Searches for the following windows:

Title

Iexplorer