SVCReady is the name of a malware loader that can collect information about the infected system and communicate with a command and control (C2) server. We discovered this loader while examining an email containing a malicious MS Word document. One of the known payloads delivered using the SVCReady loader is an information stealer called RedLine Stealer.

SVCReady collects information about the infected system such as username, computer name, time zone, computer manufacturer, BIOS, and firmware. It also gathers lists of running processes and installed software. SVCReady sends the collected data to the C2 server. Additionally, SVCReady attempts to maintain its foothold on the system by creating a scheduled task. SVCReady can download files and run them, take screenshots, run shell commands, check whether it is running in a VM environment (in a virtual machine), and obtain the number of plugged-in USB devices.

Cybercriminals use SVCReady to distribute other malware (one of the known payloads is RedLine Stealer). It could be used to infect computers with cryptocurrency miners, ransomware, and other types of malware.

As we mentioned in the introduction, one of the known payloads distributed using SVCReady is RedLine Stealer. RedLine Stealer gathers logins, passwords, autofill data, cookies and credit card details from all Gecko-based and Chromium-based web browsers. It also targets certain cryptocurrency wallets, VPN and FTP clients, and various instant messaging clients. Additionally, it collects IP addresses, usernames, keyboard layouts, UAC settings, and other system information.

Threat Summary:

Threat Type: Trojan, password-stealing virus, banking malware, spyware.

Detection Names (malicious MS Word document): Avast (Win32:Trojan-gen), Combo Cleaner (Trojan.GenericKD.50287306), ESET-NOD32 (Multiple Detections), Kaspersky (), Microsoft (Trojan:Win32/Mamson.A!ac), Full List (VirusTotal)

Detection Names: Avast (Win32:Malware-gen), Combo Cleaner (Gen:Variant.Lazy.181933), Emsisoft (Gen:Variant.Lazy.181933 (B)), Kaspersky (), Microsoft (Trojan:Win32/Tiggre!rfn), Full List (VirusTotal)

Payload: RedLine Stealer and possibly other malware.

Symptoms: Trojans are designed to stealthily infiltrate the victim's computer and remain silent, so no particular symptoms are clearly visible on an infected machine.

Distribution methods: Infected email attachments, malicious online advertisements, social engineering, software 'cracks'.

Damage: Stolen passwords and banking information, identity theft, the victim's computer added to a botnet.

Malware Removal: To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. To use the full-featured product, you have to purchase a license for Combo Cleaner. Combo Cleaner is owned and operated by Rcs Lt, the parent company of