W32/Agent.EO!tr.spy

Analysis

W32/Agent.EO!tr.spy - 06-05-24


General Info:

This threat is a Windows PE (Portable Executable) file.

Files:

  • Dropped files: a ".dll" (the Browser Helper Object component, see below)

Installation to System:

  • Drops the following file (%System% is the Windows system directory, e.g. C:\Windows\System32):
    %System%\ipv4mons.dll
  • And creates these registry entries:
    HKEY_CLASSES_ROOT\CLSID\{78364D99-A240-4dff-B11A-67E448373045}
      (COM class registration for the dropped DLL)
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
      Enable Browser Extensions = "yes"
      (makes sure Internet Explorer loads third-party extensions)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{78364D99-A240-4dff-B11A-67E448373045}
      (registers the DLL as an Internet Explorer Browser Helper Object, so it is loaded into the browser process and can read form data before it is encrypted)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\load
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
      (Windows Firewall exception list; an entry here lets the malware send stolen data out without a firewall prompt)
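The dropped file and registry entries above can be turned into a quick host triage check. The PowerShell script below is an added example, not part of this Fortinet entry and not a Fortinet tool; it uses only the CLSID, file name and key paths listed in this entry. The SysWOW64 and Wow6432Node variants (where a 32-bit DLL and BHO land on 64-bit Windows), the variable names and the output format are my own assumptions. Run it in an elevated PowerShell session on the suspect host.

```powershell
# Added triage check for the W32/Agent.EO!tr.spy artifacts listed in this entry.
# Not Fortinet code. Assumptions (mine): the SysWOW64 / Wow6432Node variants are
# worth checking for a 32-bit PE on 64-bit Windows; names and output format are arbitrary.
# Run in an elevated PowerShell session on the suspect host.

$Clsid    = '{78364D99-A240-4dff-B11A-67E448373045}'
$DllName  = 'ipv4mons.dll'
$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Dropped DLL in %System% (System32, plus SysWOW64 on 64-bit Windows)
foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
    $path = Join-Path $dir $DllName
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings.Add("dropped file present: $path (SHA256 $hash)")
    }
}

# 2. COM class registration, BHO registration and the Control Panel\load key
$keys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid",
    "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid",
    "Registry::HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid",
    "Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Control Panel\load"
)
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { $findings.Add("registry key present: $key") }
}

# The InprocServer32 default value names the DLL Internet Explorer will load for this CLSID
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    $server = (Get-ItemProperty -LiteralPath $inproc).'(default)'
    $findings.Add("CLSID InprocServer32 -> $server")
}

# 3. 'Enable Browser Extensions = yes' is also set by legitimate software, so it is
#    reported only as supporting evidence when one of the hits above is present
$ieMain = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main'
$ebe = (Get-ItemProperty -LiteralPath $ieMain -ErrorAction SilentlyContinue).'Enable Browser Extensions'
if ($ebe -eq 'yes' -and $findings.Count -gt 0) {
    $findings.Add("IE 'Enable Browser Extensions' = yes (supporting indicator only)")
}

# 4. Windows Firewall exception list (the XP/2003-era policy store this entry names):
#    flag any value whose name or data mentions the dropped DLL
$fwList = 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
if (Test-Path -LiteralPath $fwList) {
    $entries = Get-ItemProperty -LiteralPath $fwList
    foreach ($prop in $entries.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive/... members
        if ("$($prop.Name) $($prop.Value)" -match [regex]::Escape($DllName)) {
            $findings.Add("firewall exception: $($prop.Name) = $($prop.Value)")
        }
    }
}

if ($findings.Count -eq 0) {
    'No W32/Agent.EO!tr.spy artifacts found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Two caveats when reading the output: the firewall key this entry lists is the Windows XP/Server 2003 firewall policy store, so on Vista and later hosts a clean result there says nothing about firewall rules; and a CLSID hit with no InprocServer32 value or no file on disk usually means a partially removed infection rather than a false positive.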

More Info:

This malware steals e-mail passwords and online banking credentials for customers of the following banks:
  • Postbank
  • Barclays
  • Abbey National
  • NatWest

Telemetry

Detection Availability

Product                    Detection level
FortiGate                  Extreme
FortiClient                Extended
FortiMail                  Extended
FortiSandbox               Extended
FortiWeb                   Extended
Web Application Firewall   Extended
FortiIsolator              Extended
FortiDeceptor              Extended
FortiEDR                   (none listed)

Version Updates

Date        Version    Detail
2023-07-11  91.05007
2023-05-21  91.03457
2022-06-21  90.03462
2022-03-26  90.00812
2022-01-11  89.08603
2021-12-28  89.08183
2021-12-21  89.07973
2021-11-12  89.06803
2021-10-30  89.06411
2021-10-29  89.06387