Trojan:PowerShell/Maponeir.A
First posted on 01 March 2018.
Source: Microsoft
Aliases:
There are no other names known for Trojan:PowerShell/Maponeir.A.
Explanation:
Installation
This threat is commonly found as the second stage of an infection chain. Trojan downloaders such as Exploit:O97M/DDEDownloader are the first stage. We have observed that when this threat runs, it downloads and executes content from the following link: hxxps://dl.dropboxusercontent.com/s/4va1sylr5ru0wo6/init.txt?dl=0
Payload
Downloads malware or other threats
After the threat is downloaded and executed from the hxxps://dl.dropboxusercontent.com/s/4va1sylr5ru0wo6/init.txt?dl=0 link, it activates a PowerShell script that writes a file named tskm.exe to the Startup folder:
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\tskm.exe
We detect this file, 3c7ed9edc7e747bb54339296e458ea1512fe827d, as Trojan:Win32/Coinminer.
Last update 01 March 2018
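A triage check for the Startup-folder artifact described above, as an added example that is not Microsoft's code: it lists executables in every user profile's Startup folder and flags the file name and hash given on this page. It assumes the 40-hex-digit value is a SHA-1 file hash and that profiles live under the default Users directory; Find-StartupExecutable is a name made up for this example.

```powershell
# Added example: look for the persistence artifact this entry describes.
# Assumption: the 40-hex-digit value on the page is a SHA-1 file hash.
$KnownName  = 'tskm.exe'
$KnownSha1  = '3c7ed9edc7e747bb54339296e458ea1512fe827d'
# %APPDATA% expands to <profile>\AppData\Roaming for each user.
$StartupRel = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'

function Find-StartupExecutable {
    param([string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'))

    # %APPDATA% is per user, so check every profile, not only the current one.
    $userDirs = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $startup = Join-Path $userDir.FullName $StartupRel
        if (-not (Test-Path -LiteralPath $startup)) { continue }

        # Startup normally holds .lnk shortcuts; a raw .exe there deserves a look
        # even when neither the name nor the hash matches.
        $files = Get-ChildItem -LiteralPath $startup -File -Force -Filter '*.exe' -ErrorAction SilentlyContinue
        foreach ($file in $files) {
            $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1 -ErrorAction SilentlyContinue
            # The hash is left empty when the file cannot be read (locked or access denied).
            $sha1 = if ($hash) { $hash.Hash.ToLowerInvariant() } else { $null }

            [pscustomobject]@{
                Path       = $file.FullName
                Sha1       = $sha1
                NameMatch  = ($file.Name -ieq $KnownName)
                HashMatch  = ($sha1 -eq $KnownSha1)
                CreatedUtc = $file.CreationTimeUtc
            }
        }
    }
}

# Run from an elevated prompt so other users' profiles are readable.
Find-StartupExecutable |
    Sort-Object HashMatch, NameMatch -Descending |
    Format-Table -AutoSize -Wrap
```

A row with NameMatch true but HashMatch false can still be related, since a file hash changes with every rebuild of the payload.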