SHA1:
- e675109b1eeedd83c2fafa3969c5d38a8efc7259
A stealer Trojan for Microsoft Windows. Its self-designation is N0F1L3. The malicious program is written in .NET and designed to steal saved passwords from the browsers Chrome, Opera, Kometa, Orbitum, Comodo, Amigo, Torch and Yandex.Browser. It contains the auxiliary library sqlite3.dll.
Once launched, the stealer checks the OS platform and unpacks the version of sqlite3.dll that matches it.
The Trojan saves the stolen passwords in HTML format to the file “%LOCALAPPDATA%\\f.txt”. The collected data is then sent to the command and control server in a POST request.