Threat Database Trojans Trojan.Rapidstealer

Trojan.Rapidstealer

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 29
First Seen: May 14, 2014
Last Seen: March 7, 2020
OS(es) Affected: Windows

Trojan.Rapidstealer is a Trojan that steals information from the attacked PC. Trojan.Rapidstealer may spread bundled with the VPN software such as GerdooVPN, Psiphon and Ultrasurf. Once started, Trojan.Rapidstealer creates potentially infected files. Trojan.Rapidstealer also creates the registry entries. Trojan.Rapidstealer may steal information from the compromised PC such as key logs, screenshots, computer name, username, browsing history, proxy settings, bookmarks stored and cookies stored in Google Chrome, Mozilla Firefox, Opera, and Internet Explorer, user credentials for Proxifier, user credentials for Gtalk, Pidgin, Skype, and Yahoo Messenger, and many other. Trojan.Rapidstealer uploads the stolen information to the distant servers.

File System Details

Trojan.Rapidstealer may create the following file(s):
# File Name Detections
1. %UserProfile%\Application Data\IntelRapidStart\DelphiNative.dll
2. %UserProfile%\Application Data\IntelRapidStart\IntelRS.exe.config
3. %UserProfile%\Application Data\IntelRapidStart\AppTransferWiz.dll
4. %UserProfile%\Application Data\IntelRapidStart\IntelRS.exe
5. %UserProfile%\Application Data\IntelRapidStart\RapidStartTech.stl

Registry Details

Trojan.Rapidstealer may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"IntelRapidStart"=%UserProfile%\Application Data\IntelRapidStart\IntelRS.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"IntelRapidStart"=%UserProfile%\Application Data\IntelRapidStart\IntelRS.exe

URLs

Trojan.Rapidstealer may call the following URLs:

Account-verify.net
Intel-update.com
Secure.sitanetwork.tk
Ultrasms.ir
Windows.update-mirror.com

Trending

Most Viewed

Loading...