W32/Agent.EO!tr.spy
Analysis
W32/Agent.EO!tr.spy - 06-05-24
General Info:
This threat is a "PE" executable file
Files:
- Dropped files: ".dll"
Installation to System:
- Drops the following files:
%System%\ipv4mons.dll
- And creates these registry entries:
HKEY_CLASSES_ROOT\CLSID\{78364D99-A240-4dff-B11A-67E448373045}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Enable Browser Extensions = "yes"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{78364D99-A240-4dff-B11A-67E448373045}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\load
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
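The artifacts listed above can be checked on a suspect host with the following triage script. It is an added example, not Fortinet's code, and assumes the "%System%" placeholder resolves to the System32 directory; it only reports, it does not remove anything.

```powershell
# Added triage check for the W32/Agent.EO!tr.spy persistence artifacts listed above.
# Run in an elevated PowerShell on the host being examined.
# Assumption: "%System%" in the encyclopedia entry maps to [Environment]::SystemDirectory.
$clsid    = '{78364D99-A240-4dff-B11A-67E448373045}'
$dllName  = 'ipv4mons.dll'
$findings = @()

# 1. Dropped DLL in the system directory
$dllPath = Join-Path ([Environment]::SystemDirectory) $dllName
if (Test-Path -LiteralPath $dllPath) {
    $findings += "Dropped file present: $dllPath"
}

# 2. COM class registration and Browser Helper Object (BHO) registration.
#    A 32-bit BHO on a 64-bit host may instead register under Wow6432Node,
#    which the entry does not list, so that path is not checked here.
$bhoKeys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)
foreach ($key in $bhoKeys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key present: $key" }
}

# 3. Browser extensions forced on for the current user (needed for the BHO to load)
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ext = (Get-ItemProperty -LiteralPath $ieMain -ErrorAction SilentlyContinue).'Enable Browser Extensions'
if ($ext -eq 'yes') { $findings += "Enable Browser Extensions = yes under $ieMain" }

# 4. Control Panel\load autostart value
$loadKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Control Panel'
$loadVal = (Get-ItemProperty -LiteralPath $loadKey -ErrorAction SilentlyContinue).load
if ($loadVal) { $findings += "Control Panel\load value set: $loadVal" }

# 5. Windows Firewall authorized-application entry that references the dropped DLL
$fwKey = 'HKLM:\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$fw = Get-ItemProperty -LiteralPath $fwKey -ErrorAction SilentlyContinue
if ($fw) {
    $fw.PSObject.Properties |
        Where-Object { $_.Name -like "*$dllName*" -or "$($_.Value)" -like "*$dllName*" } |
        ForEach-Object { $findings += "Firewall exception references ${dllName}: $($_.Name)" }
}

if ($findings.Count -eq 0) { 'No W32/Agent.EO!tr.spy artifacts found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```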
More Info:
This malware steals mail passwords and banking information for customers of the following banks: Postbank, Barclays, Abbey National, Natwest.
Telemetry
Detection Availability
Product | Detection Availability
---|---
FortiGate | Extreme
FortiClient | Extended
FortiMail | Extended
FortiSandbox | Extended
FortiWeb | Extended
Web Application Firewall | Extended
FortiIsolator | Extended
FortiDeceptor | Extended
FortiEDR |