Dumador (q)
Copyright © MegaSecurity
By ?
Information
Author | ? |
Family | Dumador |
Category | Remote Access |
Version | Dumador (q) |
Additional Information
Backdoor.Win32.Dumador.q
port: 2283, 10000 TCP
dropped files:
C:\WINDOWS\Start Menu\Programs\StartUp\rundllw.exe
c:\WINDOWS\SYSTEM\load32.exe
c:\WINDOWS\SYSTEM\vxdmgr32.exe
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "load32"
c:\windows\system.ini, [boot] "shell"
steals account information for the following:
Storm
e-metal
WebMoney
WM Keeper
Keeper
Fethard
fethard
PayPal
localhost
Winamp