JS_MORPHEUS.VTG

 Analysis by: Sabrina Lei Sioting

 PLATFORM:

Windows 2000, WindowsXP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW


This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with malware/grayware packages. It executes when a user accesses certain websites where it is hosted.

  TECHNICAL DETAILS

File Size:

1,090 bytes

File Type:

JS

Initial Samples Received Date:

13 Apr 2012

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It arrives as a component bundled with malware/grayware packages.

It executes when a user accesses certain websites where it is hosted.

Download Routine

This Trojan connects to the following URL(s) to download its component file(s):

  • http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/key.tt - saved as C:/Documents and Settings/administrator/msn/inf.tt
  • http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/mailer.js - saved as C:/Documents and Settings/administrator/msn/mailer.tpl
  • http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/mailpv.js - saved as C:/Documents and Settings/administrator/msn/mailpv.tt
  • http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/key.tt - saved as C:/Documents and Settings/administrator/msn/m2011.tt
  • http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/morph.jpg - saved as C:/Documents and Settings/administrator/msn/M0rPheU$_Esta_Aqui.jpg
  • http://{BLOCKED}146.149:102/m0rpheus/morpheus2010/nfiles/MA.tt - saved as C:/Documents and Settings/administrator/msn/Mejores Amigos.zip