Analysis by: Pearl Charlaine Espejo

ALIASES:

JS/Phish (AVG); HTML/Phishing (AhnLab-V3); JS/Phish.QXZ!tr (Fortinet); JS.Phish (Ikarus)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user accesses the said website.

However, as of this writing, the said sites are inaccessible.

  TECHNICAL DETAILS

File Size: 54,199 bytes
File Type: HTML, HTM
Initial Samples Received Date: 27 Sep 2015

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be hosted on a website and run when a user accesses the said website.

Other Details

This Trojan connects to the following possibly malicious URL:

  • http://{BLOCKED}u.in/Dh/dhldelivery/dhl/login.php

However, as of this writing, the said sites are inaccessible.