Infostealer.Fightpos

By GoldSparrow in Stealers

The Infostealer.Fightpos malware, as the name suggests, is used by cyber criminals to collect and transmit data from infected PCs to their servers. The Fightpos malware falls in the category of backdoor trojans and is deployed in spam emails as an attached file and may accompany freeware bundles from software centers with a bad reputation. Malware researchers note that the Fightpos trojan can place its files in the Microsoft folder under Application Data to evade detection. Moreover, the Infostealer.Fightpos malware drops two files named 'ActiveComponent.bat' and 'ActiveComponent.exe' in the Temp folder in order to manipulate the Microsft Internet Explorer. The Fightpos trojan then creates a registry entry to make sure users run the corrupted Internet Explorer.exe and collect data like typed URLs, entered log-in credentials and offline web app data. As stated above, the Fightpos malware is a backdoor trojan, and it adds several registry keys concerning group policies and firewall settings in order to allow cyber criminals to connect to the infected machine. Additionally, the Fightpos malware can download and execute files as well as launch DDoS attacks. Security experts advise users to install a reputable anti-malware shield and avoid interaction with spam emails and suspicious websites.

Table of Contents

File System Details

Infostealer.Fightpos may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%UserProfile%\Start Menu\Programs\Startup\Shortcut to Internet Explorer.lnk
Name: %UserProfile%\Start Menu\Programs\Startup\Shortcut to Internet Explorer.lnk Type: Shortcut Group: Malware file
2.	%Temp%\ActiveComponent.bat
Name: %Temp%\ActiveComponent.bat Type: Batch file Group: Malware file
3.	%Temp%\ActiveComponent.exe
Name: %Temp%\ActiveComponent.exe Type: Executable File Group: Malware file

Registry Details

Infostealer.Fightpos may create the following registry entry or registry entries:

HKEY..\..\{Value}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Microsoft" = "%UserProfile%\Application Data\Microsoft\InternetExplorer.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ActiveControl" = "%Temp%\ActiveComponent.bat"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"[PATH OF THE ORIGINAL FILE]" = "[PATH OF THE ORIGINAL FILE]:*:Enabled: Microsoft"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%UserProfile%\Application Data/Microsoft/InternetExplorer.exe" = "%UserProfile%\Application Data\Microsoft\InternetExp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\"DoNotAllowExceptions" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"UACDisableNotify" = "0"

URLs

Infostealer.Fightpos may call the following URLs:

[http://]69.195.77.74/BrFighter/bot/comma[REMOVED]

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Infostealer.Fightpos

File System Details

Registry Details

URLs

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen