SecurityHome.eu Trojan:Win32/Truebot.A

Home / malware PDF

Trojan:Win32/Truebot.A

First posted on 03 November 2017.
Source: Microsoft
Aliases :
There are no other names known for Trojan:Win32/Truebot.A.
Explanation :
Installation

This malware may be installed as a service named "Default monitor".

Once the service is running, this malware drops the following files:

%TEMP%\mss.txt

%TEMP%\mss.exe

Payload

Takes screenshots

This trojan executes the component mss.exe, which takes screenshots of the desktop.

The screenshots are saved and appended to the file %TEMP%\out.dat, which becomes a collection of bitmap images.

Analysis by: Ric Robielos
Last update 03 November 2017

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Trojan:Win32/Truebot.A