
Trojan.Bruterdep


First posted on 13 March 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Bruterdep.

Explanation :

When the Trojan is executed, it copies itself to the following location:
%UserProfile%\Application Data\lsacs.exe

The Trojan also creates the following file:
%UserProfile%\Application Data\ip.sys

The Trojan then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Run" = "%UserProfile%\Application Data\lsacs.exe"

Next, the Trojan connects to the following remote location:
[http://]78.154.54.42/www/cmd[REMOVED]

The Trojan may then perform the following actions:
Undertake brute force attacks against other computers that use Remote Desktop Protocol
Send results of the brute force attacks to the attacker's remote location
Download files from the attacker's remote location
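
The file and registry artifacts described above can be checked on a host with a short read-only PowerShell triage script. This is an added example, not part of the Symantec write-up; the variable names, the extra AppData\Roaming lookup, and matching Run values by data containing \lsacs.exe are assumptions made here.

```powershell
# Added example: read-only triage for the Trojan.Bruterdep artifacts in this write-up.
# Run elevated so other users' profiles and loaded registry hives are readable.
$fileNames = 'lsacs.exe', 'ip.sys'      # file names from the write-up
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
$findings  = @()

# Files: "Application Data" is the XP-era folder; on Vista and later it is a
# junction to AppData\Roaming, so try both and report each file once per profile.
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
foreach ($userDir in Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue) {
    foreach ($name in $fileNames) {
        foreach ($sub in 'Application Data', 'AppData\Roaming') {
            $path = Join-Path (Join-Path $userDir.FullName $sub) $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = '' }
                break   # same file seen through the junction; do not report twice
            }
        }
    }
}

# Persistence: the write-up gives an HKCU Run value named "Run". HKEY_USERS holds
# the hive of every logged-on user, so walk those rather than only the caller's HKCU.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $key = Get-Item -LiteralPath "Registry::$($hive.Name)\$runSubKey" -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        if ($data -match '\\lsacs\.exe') {
            $findings += [pscustomobject]@{
                Type     = 'RunValue'
                Location = "$($hive.Name)\$runSubKey"
                Detail   = "$valueName = $data"
            }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    'No Trojan.Bruterdep file or Run-key artifacts found.'
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so a clean registry result covers only the sessions active when the script runs; the file check still covers every profile directory.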

Last update 13 March 2014

 
