
Infostealer.Bankeiya

By GoldSparrow in Stealers

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 3
First Seen: April 4, 2014
Last Seen: December 6, 2021
OS(es) Affected: Windows

Infostealer.Bankeiya is an info-stealer Trojan used in attacks against Japanese computer users. It reroutes online traffic on the compromised PC and then attempts to steal information from particular websites. Upon execution, Infostealer.Bankeiya creates a registry entry so that it loads automatically every time the user boots Windows. It downloads configuration settings from a specific web address, saves them to a specific file, and then updates itself. Infostealer.Bankeiya also transmits the version of the operating system (OS) installed on the compromised PC to a specific location. It then controls Internet Explorer traffic for specific URLs linked to online banking websites; if one of those URLs is visited, Infostealer.Bankeiya displays a bogus login screen and records any credentials entered. The stolen credentials are then transmitted to the remote cybercrook.

File System Details

Infostealer.Bankeiya may create the following file(s):
#   File Name                                Detections
1   %UserProfile%\Application Data\ini.ini

Registry Details

Infostealer.Bankeiya may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"IcpIpCfg" = "Rundll32 "%UserProfile%\Application Data\[RANDOM FILE NAME].dll" MainThread"
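As an added defender-side example (not from this page or the vendor), the following Python flags HKCU Run values that share the traits of the persistence entry documented above: a rundll32 autostart loading a DLL from a user-writable profile directory, the MainThread export, and the IcpIpCfg value name. The sample Run values, user names and DLL file name are constructed; on a live system the values would come from a registry export or a reg query.

```python
import re

# Constructed sample of HKCU\...\CurrentVersion\Run values (not a real registry
# export). "IcpIpCfg" mirrors the documented Bankeiya persistence value; the
# other two are ordinary autostart entries that must not be flagged.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "IcpIpCfg": r'Rundll32 "%UserProfile%\Application Data\x7f3a.dll" MainThread',
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
}

# Matches both "rundll32 <dll>,<export>" and the quoted, space-separated form
# shown in the registry details above; case-insensitive like the Windows shell.
RUNDLL32_RE = re.compile(
    r'^\s*rundll32(?:\.exe)?\s+"?(?P<dll>[^"]+?\.dll)"?\s*,?\s*(?P<export>\w+)',
    re.IGNORECASE,
)

# Profile paths the user (and so malware running as that user) can write to.
USER_WRITABLE_DIRS = ("%userprofile%\\application data\\", "\\appdata\\")


def check_run_value(name, data):
    """Return the reasons a Run value resembles the Bankeiya entry ([] = none)."""
    reasons = []
    match = RUNDLL32_RE.match(data)
    if not match:  # not a rundll32 autostart at all
        return reasons
    dll, export = match.group("dll").lower(), match.group("export")
    if any(d in dll for d in USER_WRITABLE_DIRS):
        reasons.append("rundll32 loads a DLL from a user-writable profile directory")
    if export == "MainThread":
        reasons.append("export name MainThread matches the documented entry")
    if name == "IcpIpCfg":
        reasons.append("value name IcpIpCfg matches the documented entry")
    return reasons


def scan_run_values(values):
    """Map each suspicious value name to its list of reasons."""
    flagged = {}
    for name, data in values.items():
        reasons = check_run_value(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in scan_run_values(SAMPLE_RUN_VALUES).items():
        print(f"{name}: {'; '.join(reasons)}")
```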

URLs

Infostealer.Bankeiya may call the following URLs:

Bttxs.com/getp.asp?MAC=&VER=[OS VERSION]
Direct.jp-bank.japanpost.jp/tp1web/U010101SCK.do?link_id=ycDctLgn
Profile.hatena.ne.jp/ml[RANDOM NUMBER]
Web4.ib.mizuhobank.co.jp/servlet/mib?xtr=EmfLogOff&NLS=JP
