TrojanSpy:MSIL/Lachemp.A
First posted on 28 January 2017.
Source: Microsoft
Aliases:
There are no other names known for TrojanSpy:MSIL/Lachemp.A.
Explanation:
Installation
This trojan spy is downloaded by the Donoff trojan downloader family, such as TrojanDownloader:O97M/Donoff. The trojan downloader installs this trojan spy into a temp folder.
The threat installs a legitimate surveillance app called Luminosity. The trojan spy then modifies a part of the app while it is running in memory.
Payload
Collects your login and PC information
This trojan collects your personal information, and information about your PC. We have seen it attempt to collect the following:
- Keystrokes you make on your PC
- The usernames and passwords you use for online banking by monitoring your web browser and looking for credit card information
It can also try to access your desktop, webcam, and microphone by using the Luminosity program to control your webcam and microphone.
It listens on random ports for a connection. When it finds a connection, it sends the information it has collected to a remote attacker.
Additional information
This analysis used a file sample with SHA1 c68c694aeb4b9230aeee8298290f449dc573deaa.
Analysis by Ferdinand Plazo
Last update 28 January 2017