- BKDR_CARBERP.XF
Aliases: TrojanDownloader:Win32/Carberp.A (MICROSOFT), a variant of Win32/TrojanDownloader.Carberp.AM trojan (NOD32)
Platform: Windows
Infection Channel: Downloaded from the Internet, Dropped by other malware
This backdoor is a new variant of the CARBERP malware family. It downloads and installs new plug-ins from its remote server, thus compromising the security of the infected system.
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes commands from a remote malicious user, effectively compromising the affected system.
It logs a user's keystrokes to steal information.
File Size: 270,336 bytes
Memory Resident: Yes
Initial Samples Received Date: 09 Feb 2017
Payload: Logs keystrokes, Downloads files, Steals information, Modifies files
Arrival Details
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Backdoor Routine
This backdoor executes the following commands from a remote malicious user:
Information Theft
This backdoor gathers the following data:
It logs a user's keystrokes to steal information.
NOTES:
This backdoor downloads the following plug-ins from its command-and-control (C&C) server:
It monitors the following browsers:
It uses the following strings for monitoring:
It monitors user activity regarding the following banks and banking systems:
Further analysis of this malware reveals that it also modifies Java runtime executables such as java.exe and javaw.exe for monitoring purposes.
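Because the backdoor tampers with java.exe and javaw.exe, a quick triage check on a suspect host is to confirm that those launchers still carry a valid Authenticode signature and to record their hashes for comparison against a known-good installation. The script below is an added example written for this page, not Trend Micro's or Oracle's code; it assumes Java is installed under the standard Program Files paths (adjust the path patterns if your installation differs) and that a stock installation ships these launchers signed.

```powershell
# Added example (not from the original page): integrity triage for the Java
# launchers this backdoor is reported to modify.
# Assumption: Java lives under the usual Program Files locations; edit the
# patterns below for non-standard installs.
$candidates = @(
    "$env:ProgramFiles\Java\*\bin\java.exe",
    "$env:ProgramFiles\Java\*\bin\javaw.exe",
    "${env:ProgramFiles(x86)}\Java\*\bin\java.exe",
    "${env:ProgramFiles(x86)}\Java\*\bin\javaw.exe"
)

$files = Get-ChildItem -Path $candidates -ErrorAction SilentlyContinue
if (-not $files) {
    Write-Host "No java.exe / javaw.exe found under the assumed paths."
    return
}

foreach ($f in $files) {
    # Authenticode status: Valid, NotSigned, HashMismatch, etc.
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path      = $f.FullName
        SizeBytes = $f.Length
        Modified  = $f.LastWriteTime
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        Status    = $sig.Status
        SHA256    = $hash
    }
}
```

A Status of HashMismatch (the file was altered after signing) or NotSigned on a launcher that a clean install ships signed is a lead worth preserving and investigating, not proof of infection on its own; an unexpected LastWriteTime on the same file strengthens the case. Keep the SHA256 values so the file can later be matched against a reference copy of the same Java build.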
Minimum Scan Engine: 9.700
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.
Step 3
Scan your computer with your Trend Micro product and note files detected as BKDR_CARBERP.XF.