SecurityHome.eu TrojanDownloader:Win32/Dofoil.AB

Home / malware PDF

TrojanDownloader:Win32/Dofoil.AB

First posted on 08 March 2018.
Source: Microsoft
Aliases :
There are no other names known for TrojanDownloader:Win32/Dofoil.AB.
Explanation :
When run, this trojan injects its code into File Explorer (explorer.exe). It then deletes its original copy.

It drops an executable file—a randomly named copy of itself—into the %LOCALAPPDATA% folder. To stay persistent, it creates a variably named registry entry:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value:
With data:

We have observed some samples of this trojan use names from the Uninstall key in the registry. This disguises the trojan registry entry as something created by another application.

This trojan then connects to a remote location to download and run other malware, including samples detected as Trojan:Win32/Dofoil.AB and Trojan:Win32/CoinMiner.D.
Last update 08 March 2018

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

TrojanDownloader:Win32/Dofoil.AB
TrojanDownloader:Win32/Dofoil.X
TrojanDownloader:Win32/Dofoil.S