Backdoor:Win32/Bifrose.AE
First posted on 15 February 2019.
Source: Microsoft

Aliases:
Backdoor:Win32/Bifrose.AE is also known as Backdoor.Bifrose.ZXE, W32/Bifrose.ASWB.

Explanation:
Backdoor:Win32/Bifrose.AE is an 818,629-byte Win32 executable that sets itself to run on the next system boot and opens a backdoor that allows unauthorized access to and control of the affected system. The executable is known to have been distributed packed with Themida.

Installation
When executed, Backdoor:Win32/Bifrose.AE injects itself into the explorer.exe process. It drops a copy of the backdoor to %windir%\bifrost\server.exe and modifies the following registry entry:

Sets value: "stubpath"
With data: "%windir%\bifrost\server.exe s"
To subkey: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}

It also launches %program_files%\iexplore.exe and injects itself into that process's address space.

Payload
Steals sensitive information
Backdoor:Win32/Bifrose.AE attempts to read the keys and serial numbers of any of the following software, should it be installed on the affected computer:

Battlefield 1942
Battlefield 1942 (Road To Rome)
Battlefield 1942 (Secret Weapons of WWII)
Battlefield Vietnam
Black and White
Call of Duty
Chrome
Command and Conquer: Generals
Command and Conquer: Generals (Zero Hour)
Command and Conquer: Red Alert
Command and Conquer: Red Alert 2
Command and Conquer: Tiberian Sun
Counter-Strike
F1 Challenge 99-02
FIFA 2002
FIFA 2003
Freedom Force
Global Operations
Gunman Chronicles
Half-Life
Hidden & Dangerous 2
IGI 2: Covert Strike
Industry Giant 2
James Bond 007: Nightfire
Legends of Might and Magic
Medal of Honor: Allied Assault
Medal of Honor: Allied Assault: Breakthrough
Medal of Honor: Allied Assault: Spearhead
Microsoft Windows Product ID
Nascar Racing 2002
Nascar Racing 2003
NASCAR Thunder TM 2004
Need For Speed Hot Pursuit 2
Need For Speed: Underground
NHL 2002
NHL 2003
NOX
Rainbow Six III RavenShield
Shogun: Total War: Warlord Edition
Soldiers Of Anarchy
The Battle for Middle-earth
The Gladiators
The Sims
Unreal Tournament 2003
Unreal Tournament 2004

Backdoor:Win32/Bifrose.AE also logs passwords for ICQ, Messenger, POP3 mail accounts, and protected storage.

Allows backdoor access and control: Port 81
Backdoor:Win32/Bifrose.AE establishes a TCP connection to 83.198.142.171 on port 81. It then accepts commands from a remote attacker and updates itself over this TCP connection.

Analysis by Oleg Petrovsky
Last update 15 February 2019
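The persistence mechanism described under Installation (a StubPath value under Active Setup "Installed Components") can be audited on a host with the following script. It is an added example, not part of the Microsoft write-up; it assumes it is run as an administrator, and the list of expected directories is an illustrative allow-list to adjust per environment.

```powershell
# Added example (not from the write-up): audit Active Setup "Installed Components"
# for StubPath values that look suspicious. Assumes an elevated PowerShell session.
$activeSetupKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
)
# Subkey GUID reported in the write-up for this sample.
$knownBadGuid = '{9B71D88C-C598-4935-C5D1-43AA4DB90836}'
# Example allow-list: directories where legitimate StubPath targets normally live.
$expectedDirs = @("$env:SystemRoot\system32", "$env:SystemRoot\SysWOW64",
                  $env:ProgramFiles, ${env:ProgramFiles(x86)})

foreach ($root in $activeSetupKeys) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath).StubPath
        if ([string]::IsNullOrWhiteSpace($stub)) { return }

        # Expand %windir%-style variables, then isolate the executable from its arguments.
        $expanded = [Environment]::ExpandEnvironmentVariables($stub)
        $exe = if ($expanded.StartsWith('"')) { $expanded.Split('"')[1] } else { $expanded.Split(' ')[0] }

        # A bare file name (e.g. regsvr32.exe) resolves via the system path; only check rooted paths.
        $inExpectedDir = -not ($exe -match '\\')
        foreach ($d in $expectedDirs) {
            if ($d -and $exe.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $inExpectedDir = $true }
        }

        $reasons = @()
        if ($_.PSChildName -ieq $knownBadGuid) { $reasons += 'GUID matches the Bifrose.AE write-up' }
        if (-not $inExpectedDir) { $reasons += 'StubPath target outside expected directories' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Key = $_.PSChildName; StubPath = $stub; Reason = ($reasons -join '; ') }
        }
    }
}
```

Entries flagged only for an unexpected directory need manual review, since some software installers legitimately register Active Setup components under their own paths.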