
TrojanDownloader:Win32/Lerspeng.B


First posted on 08 May 2014.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:Win32/Lerspeng.B.

Explanation:

Threat behavior

Installation

TrojanDownloader:Win32/Lerspeng.B can arrive on your PC attached to a spam email, or be downloaded by other malware families, such as TrojanDownloader:Win32/Upatre and TrojanDownloader:Win32/Kuluoz.

The spam email might use the following template:

Subject: Payment notification #
Email body:

!

.
Sum: $

===Detailed notification is in the attached ZIP-archive===





Unfortunately, this email is an automated notification, which is unable to receive replies.
We're happy to help you with any questions or concerns you may have.
Please contact us directly 24/7 via our site.

No found in this message. Checked by .

When run, TrojanDownloader:Win32/Lerspeng.B downloads a file and saves it on your PC as %TEMP%\mss.exe, for example, %TEMP%\mss11.exe.

Payload

Downloads other malware

We have seen TrojanDownloader:Win32/Lerspeng.B connect to the following URLs to download other malware:


We have seen it download the following malware families:

  • PWS:Win32/Zbot
  • Trojan:Win32/Kuluoz
  • TrojanDownloader:Win32/Upatre
  • Worm:Win32/Gamarue




Analysis by Zarestel Ferrer

Symptoms

The following could indicate that you have this threat on your PC:

  • You have these files:

    %TEMP%\mss.exe
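
The file symptom above can be turned into a hunt over endpoint file-creation events. The following is an added example, not part of the original write-up: the log format, host names and sample events are constructed, and the "mss plus optional digits" name pattern is an assumption drawn from the two file names on this page.

```python
import ntpath
import re

# Assumption: the dropped name is "mss" plus optional digits, inferred from the
# page's two examples (%TEMP%\mss.exe and %TEMP%\mss11.exe).
DROP_NAME = re.compile(r"mss\d*\.exe", re.IGNORECASE)

# Assumption: usual Windows temp locations; 8.3 short names such as ADMINI~1
# are accepted because the user segment is matched loosely.
TEMP_DIR = re.compile(
    r"[a-z]:\\users\\[^\\]+\\appdata\\local\\temp"
    r"|[a-z]:\\documents and settings\\[^\\]+\\local settings\\temp"
    r"|[a-z]:\\windows\\temp"
    r"|%temp%",
    re.IGNORECASE,
)

# Hypothetical log format: <time> <host> FileCreate target="<path>"
EVENT = re.compile(r'(\S+) (\S+) FileCreate target="([^"]+)"')

# Constructed sample events, not taken from a real incident.
SAMPLE_LOG = r"""
2014-05-08T10:01:02Z WS01 FileCreate target="C:\Users\alice\AppData\Local\Temp\mss11.exe"
2014-05-08T10:01:05Z WS01 FileCreate target="C:\Program Files\Microsoft SQL Server\mssql.exe"
2014-05-08T10:02:00Z WS02 FileCreate target="C:\Users\ADMINI~1\AppData\Local\Temp\MSS.EXE"
2014-05-08T10:03:00Z WS03 FileCreate target="C:\Users\bob\AppData\Local\Temp\mss11.exe.txt"
2014-05-08T10:04:00Z WS03 FileCreate target="C:\Users\bob\Documents\mss11.exe"
"""


def is_lerspeng_drop(path):
    """True when path is mss<digits>.exe directly inside a temp directory."""
    directory, name = ntpath.split(path.strip().replace("/", "\\"))
    return bool(DROP_NAME.fullmatch(name) and TEMP_DIR.fullmatch(directory))


def find_hits(log_text):
    """Return (host, path) for every file-creation event that matches."""
    hits = []
    for line in log_text.splitlines():
        event = EVENT.fullmatch(line.strip())
        if event and is_lerspeng_drop(event.group(3)):
            hits.append((event.group(2), event.group(3)))
    return hits


if __name__ == "__main__":
    for host, path in find_hits(SAMPLE_LOG):
        print(f"{host}: possible Lerspeng.B download at {path}")
```

Requiring both the file name and the temp directory keeps look-alike names such as mssql.exe, and copies stored outside the temp folder, out of the results.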

Last update 08 May 2014

 
