
TrojanDownloader:W97M/Adnel


First posted on 02 January 2020.
Source: Microsoft

Aliases:

TrojanDownloader:W97M/Adnel is also known as X97M/DownldExe.A, X97M.DownLoader.3, VBA/TrojanDownloader.Agent.DZ, W97M/Agent.KXRS!tr.dldr, TROJ_XLSDROP.WJ.

Explanation:

Installation

This threat is a malicious macro that can be embedded in a Microsoft Office file. When you open the malicious file, Microsoft Word should show you a security notification to ask whether you want to enable macros. If you enable macros, this threat will run.

We have seen this threat spread as a malicious Excel or Word file that is attached to spam emails as a .xls or .doc file. See the spam email samples below:

Payload

Downloads other malware

The macro tries to download other malware including TrojanDownloader:Win32/Drixed.B.

We have seen it contact the following URLs to download malware:

79.137.227.123/.php

danidata.dk/.exe

It can save the file to the following locations:

444.exe

EWSUVRXTBUU.exe

Test.exe
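
One way to hunt for the behaviour described above, as an added example that is not part of the original write-up: flag Word or Excel processes that write an executable, and raise the severity when a host or file name listed on this page is involved. The event schema, process paths and sample events are constructed assumptions, not a real log format.

```python
import ntpath
from collections import defaultdict

# Indicators as listed on the page; its URL paths are elided, so only hosts are matched.
PAGE_HOSTS = {"79.137.227.123", "danidata.dk"}
PAGE_DROPPED = {"444.exe", "ewsuvrxtbuu.exe", "test.exe"}
OFFICE_IMAGES = {"winword.exe", "excel.exe"}

EXCEL = r"C:\Program Files\Microsoft Office\Office15\EXCEL.EXE"      # constructed path
WINWORD = r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"  # constructed path

# Constructed sample telemetry; the schema (type/pid/image/host/path) is an assumption.
SAMPLE_EVENTS = [
    {"type": "net", "pid": 4120, "image": EXCEL, "host": "danidata.dk"},
    {"type": "file", "pid": 4120, "image": EXCEL,
     "path": r"C:\Users\alice\AppData\Local\Temp\444.exe"},
    {"type": "file", "pid": 5300, "image": WINWORD,
     "path": r"C:\Users\bob\Documents\report.docx"},
    {"type": "net", "pid": 5300, "image": WINWORD, "host": "example.org"},
    {"type": "file", "pid": 6012, "image": r"C:\Windows\System32\msiexec.exe",
     "path": r"C:\Temp\Test.exe"},
    {"type": "file", "pid": 7001, "image": WINWORD,
     "path": r"C:\Users\carol\AppData\Local\Temp\update.exe"},
]

def hunt(events):
    """Return {pid: (severity, reasons)} for Office processes showing downloader behaviour."""
    reasons = defaultdict(set)
    for ev in events:
        # Only Office processes are in scope: a name like Test.exe is too common to match alone.
        if ntpath.basename(ev["image"]).lower() not in OFFICE_IMAGES:
            continue
        if ev["type"] == "net" and ev["host"].lower() in PAGE_HOSTS:
            reasons[ev["pid"]].add("known-host")
        elif ev["type"] == "file":
            name = ntpath.basename(ev["path"]).lower()
            if name.endswith(".exe"):
                reasons[ev["pid"]].add("office-wrote-exe")
                if name in PAGE_DROPPED:
                    reasons[ev["pid"]].add("known-filename")
    findings = {}
    for pid, found in reasons.items():
        # An indicator from the page raises the behavioural hit from medium to high.
        known = found & {"known-host", "known-filename"}
        findings[pid] = ("high" if known else "medium", sorted(found))
    return findings

if __name__ == "__main__":
    for pid, (severity, why) in sorted(hunt(SAMPLE_EVENTS).items()):
        print(pid, severity, ", ".join(why))
```

The behavioural rule (an Office process writing any .exe) still fires when the downloader uses a host or file name not listed here, which is why pid 7001 is reported at medium severity.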

Analysis by Hong Jia

Last update 02 January 2020

 
