HTML_PHISH.XTWD

August 28, 2017

Analysis by: John Kevin Sanchez

PLATFORM:

Windows

OVERALL RISK RATING:

DAMAGE POTENTIAL:

DISTRIBUTION POTENTIAL:

REPORTED INFECTION:

INFORMATION EXPOSURE:

Threat Type: Trojan Clicker
Destructiveness: No
Encrypted:
In the wild: Yes

OVERVIEW

This Trojan Clicker arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

TECHNICAL DETAILS

File Size:

6,904 bytes

Initial Samples Received Date:

12 Nov 2015

Arrival Details

This Trojan Clicker arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other Details

This Trojan Clicker connects to the following possibly malicious URL:

http://screenshots.en.{BLOCKED}n.net/blog/en/2013/01/office-2013-onehome-white.jpg
http://www.{BLOCKED}edecin17.fr/images/lgguy/gen_validatorv4.js
http://encrypted-tbn0.{BLOCKED}c.com:443
http://encrypted-tbn3.{BLOCKED}c.com:443
http://encrypted-tbn2.{BLOCKED}c.com:443
http://encrypted-tbn1.{BLOCKED}c.com:443
http://encrypted-tbn0.{BLOCKED}c.com:443
http://g.{BLOCKED}d.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACEAEAISWIsPpZp3fvBXtmJ98%3D
http://clients1.google.com/ocsp/{BLOCKED}BgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDj2yPUhKUjV
http://screenshots.en.{BLOCKED}n.net/blog/en/2013/01/office-2013-onehome-white.jpg
http://www.{BLOCKED}decin17.fr/images/lgguy/gen_validatorv4.js
http://x.{BLOCKED}2.us/x.cer
http://mimg.{BLOCKED}6.net/logo/126logo.gif
http://clients1.google.com/ocsp/{BLOCKED}rDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHy8jbGS75NR
http://www.download.{BLOCKED}update.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
http://o.{BLOCKED}2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
http://ocsp.rootg2.{BLOCKED}trust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
http://ocsp.rootca1.{BLOCKED}trust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
http://ocsp.{BLOCKED}gn.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w%3D
http://ocsp.{BLOCKED}ca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT0MXB3rveIElndnl0j8v4md2bQRgQUOdr%2FyigUiqh0Ewi55A6p0vp%2BnWkCEB4aKEni4rXnazfqS7VpxFM%3D
http://www.{BLOCKED}i.com.br/2013/star.php
http://code.{BLOCKED}y.com/jquery-1.9.1.js
http://www.{BLOCKED}i.com.br/cgi-sys/js/simple-expand.min.js
http://www.{BLOCKED}i.com.br/cgi-sys/images/x.png
http://www.{BLOCKED}i.com.br/cgi-sys/images/404mid.gif
http://www.{BLOCKED}i.com.br/cgi-sys/images/404top_w.jpg
http://www.{BLOCKED}i.com.br/cgi-sys/images/404bottom.gif

HTML_PHISH.XTWD

OVERVIEW

TECHNICAL DETAILS

Resources

Support

About Trend

Country Headquarters

HTML_PHISH.XTWD

OVERVIEW

TECHNICAL DETAILS

Resources

Support

About Trend

Country Headquarters

The Americas

Middle East & Africa

Europe

Asia & Pacific