
Trojan.Bisonal


First posted on 03 April 2015.
Source: Symantec

Aliases :

There are no other names known for Trojan.Bisonal.

Explanation :

When the Trojan is executed, it creates the following files:
[PATH TO FILE]\[SAMPLE FILE NAME].xls
%Temp%\conhost.exe
%Windir%\tasks\dfea.exe

Next, the Trojan creates the following registry entry so that it runs each time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"dfea" = "%Windir%\tasks\dfea.exe"

The Trojan then connects to the following remote location:
hosting.myvnc.com

The Trojan may then perform the following actions:
Open a back door
Create and execute files
Enumerate running processes
Open a command shell
Delete itself

Last update 03 April 2015

 
