In conversations with reverse engineer and security researcher Vitali
Kremez, we get an idea of how the file stealer works. When executed, the
stealer will perform a recursive scan of all the files on a computer and
look for Word .docx and Excel .xlsx files to steal.
While scanning, if it encounters a folder or file whose name matches
certain strings, it skips that item and moves on to the next one,
similar to how ransomware would operate.
A full list of the blacklisted files and folders is at the end of this
article, including your standard ones such as Windows, Intel,
Mozilla, Public, etc.
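
A detection sketch for the behaviour described above, added here as an example and not taken from the article or from the researcher's analysis: it flags a process that opens many .docx/.xlsx files across several folders in a short burst without ever opening one under the skipped folders. The event tuples, process names, thresholds and the four-entry skip set (only the names this page mentions) are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

DOC_EXTS = {".docx", ".xlsx"}  # file types the article says are targeted
# Only the folder names this page mentions; the full list is not reproduced here.
SKIPPED = {"windows", "intel", "mozilla", "public"}

# Constructed sample events: (time in seconds, process image, file opened).
EVENTS = [
    (0, "winword.exe", r"C:\Users\ann\Documents\plan.docx"),
    (10, "indexer.exe", r"C:\Users\Public\Documents\menu.docx"),
    (11, "indexer.exe", r"C:\Users\ann\Documents\plan.docx"),
    (12, "indexer.exe", r"C:\Users\ann\Desktop\q3.xlsx"),
    (13, "indexer.exe", r"C:\Intel\Logs\report.xlsx"),
    (14, "indexer.exe", r"C:\Users\ann\Downloads\cv.docx"),
    (20, "update.exe", r"C:\Users\ann\Documents\plan.docx"),
    (21, "update.exe", r"C:\Users\ann\Documents\notes.docx"),
    (22, "update.exe", r"C:\Users\ann\Desktop\q3.xlsx"),
    (23, "update.exe", r"C:\Users\ann\Downloads\cv.docx"),
    (24, "update.exe", r"C:\Users\ann\Desktop\old\budget.xlsx"),
]

def in_skipped(path):
    """True if any folder component of the path is one of the skipped names."""
    return any(part.lower() in SKIPPED for part in path.parent.parts)

def flag_doc_sweeps(events, window=60, min_files=4, min_dirs=3):
    """Flag processes that open many .docx/.xlsx files across many folders
    within `window` seconds yet never open one under a skipped folder."""
    per_proc = defaultdict(list)
    for ts, proc, raw in events:
        path = PureWindowsPath(raw)
        if path.suffix.lower() in DOC_EXTS:
            per_proc[proc].append((ts, path))
    flagged = {}
    for proc, hits in per_proc.items():
        if any(in_skipped(p) for _, p in hits):
            continue  # broad scanners (indexers, AV) also read the skipped folders
        hits.sort(key=lambda h: h[0])
        for start, _ in hits:
            burst = [p for ts, p in hits if start <= ts <= start + window]
            files, dirs = set(burst), {p.parent for p in burst}
            if len(files) >= min_files and len(dirs) >= min_dirs:
                flagged[proc] = (len(files), len(dirs))
                break
    return flagged

if __name__ == "__main__":
    print(flag_doc_sweeps(EVENTS))
```

The skip-folder condition is a heuristic for separating this pattern from indexers and scanners that read everything; tune the window and thresholds against your own file-access telemetry.
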
To read the complete article see: