Home / malwarePDF  

TrojanDownloader:JS/Swabfex.A


First posted on 19 January 2020.
Source: Microsoft

Aliases :

TrojanDownloader:JS/Swabfex.A is also known as JS/Downloader, JS.DownLoader.555, JS/Nemucod.BU!tr, Trojan.JS.Downloader, JS.Downloader, JS_EXPLOYT.PB.

Explanation :

Installation

The malware typically installs itself as a .zip archived email attachment and uses some form of social engineering to get the user to click the file.

See what the email typically looks like below:

 

The contents of the attached zip archive is a JavaScript file with a similar name. The malware is executed when the user double-clicks on the script. See the screenshot of the JavaScript file below:

Payload

Downloads malware and runs files

When the malware is installed and ran, it connects to a remote host through HTTP and downloads an executable file.

The file is saved in the %TEMP% directory as .exe, for example 1.exe.

This malware has also been seen to download variants of the Tescrypt Ransomware family.

Additional information

We have seen this threat use the following file names for the attachment:   $RV5XTK2.zip Your order #00438783 is approved.zip 00000142614.zip doc.zip 0000105620.zip doc_03x8lZpU3X.zip 000121561.zip document-00000310850.zip 00112321.zip document0000182514.zip 11162015 44115 PM.zip document_00926720.zip America_Airlines_Ticket_00000166017.zip fax-00000570999.zip Court_Notification_00000135992.zip fax00000201518.zip Delivery_Notification_00000311671.zip fax_00000523833.zip E-Ticket_00000162243.zip img.zip E-ZPass_00000156429.zip info.zip E-ZPass_Invoice_00000144593.zip info_05mCRNAVKk.zip FedEx_ID_00000512178.zip inv_0015.zip Indebted for driving on toll road #0000375149.zip inv_003.zip Indebtedness for driving on toll road #0000865760.zip invoice_copy_0dJjoJn0dsf.zip Invoice_00000191030.zip output6.zip Notice to Appear.zip scan-00000209333.zip Notice to appear in Court #00923981.zip scan00000138284.zip Notice_to_Appear_00000113844.zip scan_00000741887.zip Order_00000122476.zip scanned-00000337132.zip Payment for driving on toll road, invoice #000383135.zip scanned00000659313.zip Refund_Payment_Details_000395157.zip task-00000482466.zip Tax_Refund_00000111558.zip task00000453441.zip Your e-ticket #00000929404.zip      

Last update 19 January 2020

 

TOP

Malware :

Family: