TrojanDownloader:Win32/Bofang.B
First posted on 26 April 2020.
Source: Microsoft

Aliases:
TrojanDownloader:Win32/Bofang.B is also known as Trojan.Downloader.JKXJ, Trojan.DownLoad.5767, a variant of Win32/TrojanDownloader.FakeAlert.JI, Trojan.Win32.Small.ycw, Generic Downloader.x.
Explanation:

TrojanDownloader:Win32/Bofang.B is a trojan that downloads malware from a predefined remote Web site.

Installation

When run, TrojanDownloader:Win32/Bofang.B copies itself to:

%USERPROFILE%\Application Data\AdobePlayer.exe

The registry is modified to run this copy.

Adds value: "(default)"
With data: "%USERPROFILE%\Application Data\AdobePlayer.exe"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Payload

Downloads Malware

TrojanDownloader:Win32/Bofang.B uses BITS (Background Intelligent Transfer Service) to download additional malware from the IP address 78.157.143.163.

Analysis by Vitaly Zaytsev
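A defender-side check for the two behaviours described above (the "(default)" value under the HKCU Run key and BITS downloads from the listed IP address), added here as an example and not part of the original write-up. The registry export text, user name, job names and URL path are constructed samples, and matching any "(default)" Run value that points at an .exe under Application Data is this example's assumption.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the write-up above.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
DOWNLOAD_IP = "78.157.143.163"

# Constructed sample: decoded text of a `reg export` of HKCU (user name is made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\\Documents and Settings\\alice\\Application Data\\AdobePlayer.exe"
"Updater"="\"C:\\Program Files\\Example\\updater.exe\" /quiet"
'''

# Constructed sample: (job name, remote URL) pairs collected from BITS job listings.
SAMPLE_BITS_JOBS = [
    ("Font Download", "https://fonts.example.com/pack.cab"),
    ("job1", "http://78.157.143.163/placeholder.bin"),
]

# One string value line of a .reg file: @ (the default value) or "name", then ="data".
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def suspicious_run_values(reg_text):
    """Flag HKCU Run values matching the described persistence: the (default)
    value pointing at an .exe under the profile's Application Data folder."""
    hits, in_run_key = [], False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_run_key = line[1:-1].lower() == RUN_KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_run_key else None
        if not m:
            continue
        name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
        path = data.lower()
        if name == "(default)" and "\\application data\\" in path and path.endswith(".exe"):
            hits.append((name, data))
    return hits


def suspicious_bits_jobs(jobs):
    """Return BITS jobs whose remote URL host is the IP named in the write-up."""
    return [(n, u) for n, u in jobs if urlsplit(u).hostname == DOWNLOAD_IP]

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_REG), suspicious_bits_jobs(SAMPLE_BITS_JOBS))
```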
Last update 26 April 2020