Home / malware TrojanSpy:Win32/Banker.ANE
First posted on 13 November 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanSpy:Win32/Banker.ANE.
Explanation :
Threat behavior TrojanSpy:Win32/Banker.ANE is a member of Win32/Banker - a family of data-stealing trojans that captures online banking credentials, such as account login names and passwords, and relays the captured information to a remote attacker. Most Win32/Banker variants target customers of Brazilian banks, though some variants target customers of banks in other locations.
Installation
TrojanSpy:Win32/Banker.ANE creates the following files on your PC:
- %windir%\adobe.exe
- c:\documents and settings\administrator\local settings\temp\aute.tmp
- c:\documents and settings\administrator\local settings\temp\whitehouse.exe
Payload
Contacts remote host
TrojanSpy:Win32/Banker.ANE might contact a remote host at www.redjbm.com using port 80. Commonly, malware does this to:
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
This malware description was produced and published using automated analysis of file SHA1 6ff9b1adc79728c02cefd16a95ad4892ba9fbbae.Symptoms
System changes
The following could indicate that you have this threat on your PC:
%windir%\adobe.exe
- You have these files:
c:\documents and settings\administrator\local settings\temp\aute.tmp
c:\documents and settings\administrator\local settings\temp\whitehouse.exeLast update 13 November 2014
