Infostealer.Sazoora


By LoneStar in Stealers

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 18
First Seen: May 28, 2013
Last Seen: July 17, 2022
OS(es) Affected: Windows

Infostealer.Sazoora is a Trojan that steals information from the affected computer. Once run, Infostealer.Sazoora creates a copy of itself as a malicious file and creates a registry entry so that it starts automatically whenever a computer user boots up Windows. It then creates more registry entries. Infostealer.Sazoora steals information by controlling particular online banking websites. It also controls the Internet browsers Mozilla Firefox, Google Chrome and Internet Explorer in an attempt to steal more information. Infostealer.Sazoora may create a log file used to store the stolen information, and then transfers the grabbed data to particular locations.

File System Details

Infostealer.Sazoora creates the following file(s):
| # | File Name | Detections |
|---|-----------|------------|
| 1 | %UserProfile%\Application Data\WinHost\svchost.exe | N/A |
| 2 | %Temp%\log32.txt | N/A |

Registry Details

Infostealer.Sazoora creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\svchost\WinHost\"installed" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\svchost\WinHost\"guid" = "[VARIABLE GUID]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\svchost\WinHost\"wu" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\svchost\WinHost\"Packet" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"WindowsHost" = "%UserProfile%\Application Data\WinHost\svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\svchost\WinHost\"path" = "%UserProfile%\Application Data\WinHost\svchost.exe"
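
The file and registry artifacts listed above can be checked for on a host with a short PowerShell script. This is an added example, not part of the original entry; the function name `Test-SazooraArtifacts` is hypothetical, and it assumes `%UserProfile%\Application Data` resolves to `$env:APPDATA` for the user being checked.

```powershell
# Added example: looks for the artifacts listed on this page in the current user's profile.
# Assumption: "%UserProfile%\Application Data" resolves to $env:APPDATA for this user.
function Test-SazooraArtifacts {
    $findings = @()

    # Files from "File System Details"
    $files = @(
        (Join-Path $env:APPDATA 'WinHost\svchost.exe'),
        (Join-Path $env:TEMP 'log32.txt')
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $f; Value = $null }
        }
    }

    # Registry values from "Registry Details". All are under HKCU, so the
    # check only covers the user account the script runs as.
    $cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    $checks = @(
        @{ Key = "$cv\Run";             Names = @('WindowsHost') },
        @{ Key = "$cv\svchost\WinHost"; Names = @('installed', 'guid', 'wu', 'Packet', 'path') }
    )
    foreach ($c in $checks) {
        if (-not (Test-Path -LiteralPath $c.Key)) { continue }
        $props = Get-ItemProperty -LiteralPath $c.Key
        if ($null -eq $props) { continue }   # key exists but holds no values
        foreach ($n in $c.Names) {
            if ($null -ne $props.PSObject.Properties[$n]) {
                $findings += [pscustomobject]@{
                    Type     = 'Registry'
                    Location = "$($c.Key)\$n"
                    Value    = $props.$n
                }
            }
        }
    }
    return $findings
}

$hits = Test-SazooraArtifacts
if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else       { 'No listed artifacts found for this user.' }
```

A `log32.txt` in `%Temp%` on its own is a weak signal; a match on the `Run` value or the `WinHost` key is the stronger indicator.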

