
Trojan.Spadyra


First posted on 17 February 2015.
Source: Symantec

Aliases:

There are no other names known for Trojan.Spadyra.

Explanation:

The Trojan may be downloaded by the following malware:
Downloader.Upatre
Once executed, the Trojan may create the following files:
%Temp%\smsss.exe
%Temp%\crsss.exe
%Temp%\sms.exe
%Temp%\xxa
The Trojan also drops the following file, which contains the text used in the emails sent by the malware:
%Temp%\mail9bc_[BANK NAME].txt
Note: [BANK NAME] is the name of a bank used in the malicious emails.

The Trojan may then connect to the following remote location:
5.104.109.197
The Trojan then sends out malicious emails from the compromised computer, which claim to be from a financial institution. The emails contain a malicious URL that leads to the following malware being downloaded:
Infostealer.Dyranges

Last update 17 February 2015

 
