TSPY_BANKER.UKL
May 23, 2015
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:

Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.
TECHNICAL DETAILS
File Size:
323,584 bytes
File Type:
EXE
Memory Resident:
Yes
Initial Samples Received Date:
22 May 2015
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops the following files:
- %System32%\WSPDll.dll
Download Routine
This Trojan accesses the following websites to download files:
- http://www.{BLOCKED}lm.com.ua/forum/files/.../strings.txt
- http://www.{BLOCKED}lm.com.ua/forum/files/.../strings.txt
- http://www.{BLOCKED}p.cz/includes/.../strings.txt
- http://www.{BLOCKED}usalumni.net/templates/css/strings.txt
- http://dasan.{BLOCKED}g.ac.kr/~appmath/test/bbs/strings.txt
- http://{BLOCKED}esitetraffic.com/blog/wp-includes/js/strings.txt
It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.