
Trojan.Evilbunny


First posted on 10 March 2015.
Source: Symantec

Aliases :

There are no other names known for Trojan.Evilbunny.

Explanation :

Once executed, the Trojan creates the following file:
%Windir%\msapps\netmgr.exe
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"netmgr" = "%Windir%\msapps\netmgr.exe"
The Trojan also creates the following registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\"isakmpAutoNegociate" = "[PATH TO ORIGINAL FILE]"
The Trojan may connect to any of the following remote locations:
[http://]le-progres.net/images/php/test[REMOVED]
[http://]ghatreh.com/skins/php/test[REMOVED]
[http://]www.usthb-dz.org/includes/php/test[REMOVED]
The Trojan then opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Download configuration
Send files
Download files
The Trojan may also steal information from running processes for the following programs:
Internet Explorer
Firefox
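
The file and the two registry entries listed above can be checked on a host with a read-only PowerShell script such as the following. This is an added example, not part of the original Symantec writeup; the function names Get-RegValue and Test-EvilbunnyArtifacts are hypothetical, and the extra look at the WOW6432Node registry view is an assumption made to cover 32-bit processes on 64-bit Windows.

```powershell
# Added example: read-only check for the Trojan.Evilbunny artifacts named in this writeup.
# Run from an elevated PowerShell session so all of HKLM and %Windir% is readable.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns the value data, or $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-EvilbunnyArtifacts {
    $findings = @()

    # 1. Dropped file: %Windir%\msapps\netmgr.exe
    $dropped = Join-Path $env:windir 'msapps\netmgr.exe'
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Indicator = 'Dropped file'; Location = $dropped; Data = "SHA256 $hash" }
    }

    # Assumption: a 32-bit process on 64-bit Windows has its HKLM\SOFTWARE writes
    # redirected to WOW6432Node, so both registry views are checked.
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        # 2. Persistence: Run value "netmgr"
        $runKey = "$root\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-RegValue -Path $runKey -Name 'netmgr'
        if ($null -ne $run) {
            $findings += [pscustomobject]@{
                Indicator = 'Run value netmgr'; Location = $runKey; Data = $run }
        }

        # 3. Marker value holding the path to the original file
        $msKey = "$root\Microsoft"
        $marker = Get-RegValue -Path $msKey -Name 'isakmpAutoNegociate'
        if ($null -ne $marker) {
            $findings += [pscustomobject]@{
                Indicator = 'isakmpAutoNegociate'; Location = $msKey; Data = $marker }
        }
    }
    $findings
}

$result = Test-EvilbunnyArtifacts
if ($result) { $result | Format-List }
else { 'None of the Trojan.Evilbunny artifacts from this writeup were found.' }
```

The isakmpAutoNegociate data, when present, points to the location the sample was originally run from, which is worth collecting before cleanup.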

Last update 10 March 2015

 
