W2KM_PSHELL.I
July 20, 2017
ALIASES:
W97M.Downloader.FZZ (BITDEFENDER)
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
TECHNICAL DETAILS
File Size: 48,036 bytes
File Type: DOC
Initial Samples Received Date: 19 Jul 2017
Arrival Details
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
Other Details
This Trojan connects to the following possibly malicious URLs:
- http://{BLOCKED}.{BLOCKED}.177.111/_/scs/mail-static/_/js/
- http://{BLOCKED}.{BLOCKED}.237.165/_/scs/mail-static/_/js/
- http://{BLOCKED}.{BLOCKED}.237.165/bmV7
- http://{BLOCKED}.{BLOCKED}.237.165/mail/u/0/?ui={value}&hop={value}&start={value}
- http://{BLOCKED}.{BLOCKED}.237.165/rsa_decryption