Home / malware TrojanDownloader:Win32/Beebone.gen!A
First posted on 10 April 2012.
Source: MicrosoftAliases :
TrojanDownloader:Win32/Beebone.gen!A is also known as Trojan.Win32.Zapchast.ablx (Kaspersky), W32/VB.SF (Norman), TR/Dldr.Beebone.A.44 (Avira), Win32/TrojanDownloader.VB.PRE trojan (ESET), Trojan-Downloader.Win32.Beebone (Ikarus), W32.Changeup (Symantec).
Explanation :
TrojanDownloader:Win32/Beebone.gen!A is an obfuscated trojan, written in Visual Basic (VB), that downloads other malware.
Top
TrojanDownloader:Win32/Beebone.gen!A is an obfuscated trojan, written in Visual Basic (VB), that downloads other malware.
When run, Beebone downloads files with variable file names to the %USERPROFILE% folder then executes them. The trojan downloads these files from a number of different URLs, some examples below:
- svrupdates001.s3h.net:23345/b/77776640/1
- svrupdates001.s3h.net:23345/b/77776640/bb1
- svrupdates001.s3h.net:23345/b/77776640/z
Payload
Downloads other malware
In the wild, we have observed TrojanDownloader:Win32/Beebone.gen!A downloading the following malware:
- Win32/Acbot
- Win32/Sirefef
- Win32/Vobfus
Analysis by Shawn Wang
Last update 10 April 2012
