Infostealer.Pandebono is a Trojan that steals private details such as account data and PIN numbers from targeted Automated Teller Machines (ATMs). It propagates through a USB connection to the ATM. Once launched, Infostealer.Pandebono creates potentially harmful files and folders, creates a registry subkey, and creates a service with characteristics such as the service name "Windows Net Logon". Infostealer.Pandebono may stop the malicious service on command. It stores stolen information in a certain file, and it stores encrypted PIN numbers, to be cracked offline (a process known as 'carding'), in a specific file. Infostealer.Pandebono uploads all the stolen data to a USB removable drive if the drive's root folder includes a particular file.

File System Details

Infostealer.Pandebono may create the following file(s):
# File Name Detections
2. %WinDir%\system32\umst\shadow.dmp
3. %WinDir%\system32\umst\winpins.dmp
4. %WinDir%\system32\res\lsass.exe
5. %WinDir%\system32\res\smss.exe
6. %WinDir%\system32\winini.log
7. %WinDir%\system32\umst\
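
The following is an added example, not part of the original entry: a triage check that runs the paths listed above and the service name from the description against a collected file and service inventory. The function names, the sample inventory and the rule that flags lsass.exe or smss.exe in any subfolder are assumptions made for illustration.

```python
import ntpath
import re

# Paths from the list above, relative to %WinDir%, lower-cased for comparison.
IOC_FILES = {
    r"system32\umst\shadow.dmp", r"system32\umst\winpins.dmp",
    r"system32\res\lsass.exe", r"system32\res\smss.exe",
    r"system32\winini.log",
}
IOC_DIRS = {r"system32\umst"}
IOC_SERVICE = "windows net logon"  # service name given in the description
# Heuristic beyond the list (assumption): these names belong directly in System32.
SYSTEM_BINARIES = {"lsass.exe", "smss.exe"}
# Assumption: the Windows directory is <drive>:\Windows.
_WINDIR = re.compile(r"^(?:%windir%|%systemroot%|[a-z]:\\windows)\\", re.I)

def relative_to_windir(path):
    """Return the lower-cased path below the Windows directory, or None."""
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    m = _WINDIR.match(norm)
    return norm[m.end():] if m else None

def check_path(path):
    """Findings for one path under the Windows directory (empty list if none)."""
    rel = relative_to_windir(path)
    if rel is None:
        return []
    findings = []
    if rel in IOC_FILES:
        findings.append("listed file")
    if any(rel == d or rel.startswith(d + "\\") for d in IOC_DIRS):
        findings.append("listed folder")
    if ntpath.basename(rel) in SYSTEM_BINARIES and ntpath.dirname(rel) != "system32":
        findings.append("system binary name outside System32")
    return findings

def check_service(name, display_name=""):
    """True if the service name or display name matches the description."""
    return IOC_SERVICE in {name.strip().lower(), display_name.strip().lower()}

def triage(paths, services):
    """paths: iterable of str; services: iterable of (name, display_name)."""
    hits = {p: f for p in paths if (f := check_path(p))}
    return hits, [s for s in services if check_service(*s)]

# Constructed sample inventory, not taken from a real machine.
SAMPLE_PATHS = [r"C:\Windows\System32\lsass.exe", r"C:\WINDOWS\system32\res\lsass.exe",
                "C:/Windows/System32/umst/winpins.dmp", "%WinDir%\\system32\\umst\\",
                r"C:\Windows\System32\winini.log", r"D:\tools\smss.exe"]
SAMPLE_SERVICES = [("Netlogon", "Netlogon"), ("wnl", "Windows Net Logon")]
```

The system-binary rule is a heuristic and will also flag legitimate copies kept elsewhere under the Windows directory, so allowlist those locations for the image being examined.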


