HackTool.Win32.SniffPass.B

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Instalación

Este malware infiltra el/los siguiente(s) archivo(s):

• {Malware Directory}\{Malware Name}.cfg → contains configuration
• {Malware Directory}\{Malware Name}_lng.ini → if "/savelangfile" parameter is used

Otros detalles

Hace lo siguiente:

• captures passwords that pass through the infected machine's network adapter
  • passwords captured are limited to the following protocols:
    • POP3
    • IMAP4
    • SMTP
    • FTP
    • HTTP
• accepts the following parameters:
  • /nocapdriver
    • starts without loading any network capture drivers (defaults to Raw Socket option)
  • /noreg
    • does not create configuration file ({Malware Name}.cfg)
  • /savelangfile
    • drops {Malware Directory}\{Malware Name}_lng.ini → manually translate or change displayed text in its graphical user interface
• accepts network captured dumps as input (tcpdump/libpcap)
• can also use the following network drivers (if installed in the system)
  • WinPCAP capture driver
  • Microsoft Network Monitor driver
• has the option to save captured events as one of the following:
  • Text File (.txt)
  • HTML File (.html)
  • Comma delimited text file (.csv)
• displays the following graphical user interface: