Home / malware TrojanDownloader:JS/Cryxos.B
First posted on 29 August 2017.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:JS/Cryxos.B.
Explanation :
This malicious JavaScript connects to the following remote servers to download its payload:
- hxxp://eurytionedge[.]men/admin[.]php?f=1[.]doc
- hxxp://corymbusadvisor[.]men/admin[.]php?f=1[.]doc
- hxxp://asbetosgem[.]trade/admin[.]php?f=1[.]doc
- hxxp://phaennabazaar[.]trade/admin[.]php?f=1[.]doc
- hxxp://dolopolesasz[.]com/admin[.]php?f=1[.]doc
We have observed this threat download and execute the following malware:
- Ransom:Win32/Betisrypt
- Ransom:Win32/Cerber
Last update 29 August 2017
