
TrojanDownloader:Win64/Bregent


First posted on 16 July 2014.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:Win64/Bregent.

Explanation:

Threat behavior

Installation

TrojanDownloader:Win64/Bregent installs itself as a service by injecting malicious code into legitimate processes such as explorer.exe and svchost.exe.

We have seen it use the following service names:

  • DlProtectSvc
  • GFilterSvc


Payload

TrojanDownloader:Win64/Bregent tries to download other malware from a generated domain. Based on our analysis, the generated domain has the following format:

  • <16 alphanumeric digits>.<3 random letters>.download-web-shield.com, for example, 822b5a5bf7d0c81a.dpa.download-web-shield.com


We have seen this threat download malware from this domain, including Trojan:Win32/Webprefix.C.
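As an added example (not part of the original Microsoft write-up), the following Python helper flags DNS queries that match the generated-domain format described above and checks a list of installed service names against the two reported for this family. The log line format and all sample lines are constructed for illustration.

```python
import re
from typing import Dict, List

# Domain shape described in the write-up:
#   <16 alphanumeric digits>.<3 random letters>.download-web-shield.com
BREGENT_DOMAIN_RE = re.compile(
    r"^[0-9a-z]{16}\.[a-z]{3}\.download-web-shield\.com$", re.IGNORECASE
)
# Service names the write-up reports for this family (compared case-insensitively).
BREGENT_SERVICE_NAMES = {"dlprotectsvc", "gfiltersvc"}


def is_bregent_domain(name: str) -> bool:
    """True if a queried name matches the generated-domain format.
    Mixed case and a trailing dot (as many resolvers log it) are tolerated."""
    return BREGENT_DOMAIN_RE.match(name.strip().rstrip(".")) is not None


def flag_dns_log(lines: List[str]) -> List[Dict[str, str]]:
    """Scan 'timestamp client qname' lines (a constructed log format)."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: skip instead of crashing the scan
        ts, client, qname = parts[:3]
        if is_bregent_domain(qname):
            hits.append({"time": ts, "client": client, "query": qname.rstrip(".")})
    return hits


def suspicious_services(service_names: List[str]) -> List[str]:
    """Installed service names matching those reported for Bregent."""
    return sorted(s for s in service_names if s.lower() in BREGENT_SERVICE_NAMES)


# Constructed sample input, not real telemetry.
SAMPLE_DNS_LOG = [
    "2014-07-16T10:00:01Z 10.0.0.12 www.example.com.",
    "2014-07-16T10:00:02Z 10.0.0.12 822b5a5bf7d0c81a.dpa.download-web-shield.com.",
    "2014-07-16T10:00:03Z 10.0.0.15 download-web-shield.com",
    "2014-07-16T10:00:04Z 10.0.0.15 ABCDEF0123456789.xyz.download-web-shield.com",
    "2014-07-16T10:00:05Z 10.0.0.20 short.ab.download-web-shield.com",
]

if __name__ == "__main__":
    for hit in flag_dns_log(SAMPLE_DNS_LOG):
        print(hit)
    print(suspicious_services(["Spooler", "gfiltersvc", "DlProtectSvc"]))
```

Only the two full-shape names are flagged; the bare registered domain and the short-label variant are not, so the pattern should be paired with a plain indicator match on download-web-shield.com if broader coverage is wanted.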



Analysis by Jayronn Christian Bucu

Symptoms

Alerts from your security software may be the only symptom.

Last update 16 July 2014
