Trojan.X97M.GETLOADR.THIAOBO

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Instalación

Infiltra los archivos siguientes:

• %Application Data%\Microsoft\Windows\Templates\rgoc1.dll → Detected as TrojanSpy.Win32.GETLOADR.THIAOBO
• %Application Data%\Microsoft\Windows\Templates\rgoc2.dll → Detected as TrojanSpy.Win64.GETLOADR.THIAOBO
• %User Temp%\academl.xlsx
• %User Temp%\academl.xlsx.zip
• %User Temp%\rgoc.zip
• %User Temp%\oleObject1.bin

Otros detalles

Hace lo siguiente:

• It would determine if the system it is running on is 64-bit or 32-bit and will use the architecture appropriate payload based on the result of its checking.
  • rgoc2.dll → If the system it is running on is a 64-bit machine with VBA7
  • rgoc1.dll → If the system it is running on does not satisfy the condition above.
• It displays the following to lure users into enabling macro content: