HTML_BANLOAD.YQNL

June 24, 2016

• Email
• Facebook
• 
  Twitter
• Google+
• Linkedin

 Analysis by: Rhena Inocencio

---

 ALIASES:

Trojan.HCWY-0 (Cyren)

 PLATFORM:

Windows

 OVERALL RISK RATING:

 DAMAGE POTENTIAL:

 DISTRIBUTION POTENTIAL:

 REPORTED INFECTION:

 INFORMATION EXPOSURE:

• 
  Threat Type: Trojan
• 
  Destructiveness: No
• 
  Encrypted:
• 
  In the wild: Yes

  OVERVIEW

This Trojan executes when a user accesses certain websites where it is hosted.

  TECHNICAL DETAILS

File Size:

337 bytes

File Type:

HTML, HTM

Initial Samples Received Date:

22 Jun 2016

Arrival Details

This Trojan executes when a user accesses certain websites where it is hosted.

Other Details

This Trojan does the following:

• It loads the following website:
  • http://{BLOCKED}t.ly/CNO0012587_06_2016_CAROTORIONOTORIAISEDEPROTESTOS
• The above URL then redirects the user to the following possibly malicious websites:
  • http://{BLOCKED}l.ly/1N2D2h2g2U2l/download/CNO0012587_06_2016.vbs
  • http://{BLOCKED}pi.{BLOCKED}d.me/1N2D2h2g2U2l/download/CNO0012587_06_2016.vbs