The page may not load correctly.
|Added to Dr.Web virus database:||2018-04-27|
|Virus description was added:||2018-05-04|
A spying Trojan for devices running Microsoft Windows.
Written in the script language Autoit. It saves to the disk and launches the following files:
A script written in Python and transformed into an executable file using py2exe. In whole, it is identical to Trojan.PWS.Stealer.23700; however:
A module written in Go. Scans drives searching for folder directories with password databases and cookies of browsers based on Chromium. Detected directories are written into files LOGINSDATALIST.txt and COOKIEDATALIST.txt respectively.
A module that generates a ZIP archive with stolen files and data. It obtains an IP address of an infected device by sending a request to the service http://checkip.amazonaws.com, then it loads an archive to the pcloud.com account registered by cybercriminals.