
TrojanDownloader:Win32/Zdowbot.C


First posted on 15 March 2017.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:Win32/Zdowbot.C.

Explanation :

Installation
This threat can get installed on your PC when you are socially engineered into opening a malicious spam email attachment.

Payload

Downloads malware

We have seen this threat download additional malware onto victim machines.

Connects to a remote host

We have seen this threat connect to a remote host, including the following command-and-control (C2) servers:

  • hxxp://mohaneventuse.com/ls5/gate.php
  • hxxp://sinresguref.ru/ls5/gate.php
  • hxxp://kinuginthat.ru/ls5/gate.php
  • hxxp://sinforonhad.com/ls5/gate.php
  • hxxp://pehedforhers.ru/ls5/gate.php
  • hxxp://wronlacbeher.ru/ls5/gate.php
Malware can connect to a remote host to do any of the following:
  • Verify network connectivity
    • hxxp://api.ipify
  • Send the following information taken from your PC:
    • IP address
    • Machine GUID
    • OS Build
    • System Type
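The indicators above (six C2 hosts sharing the /ls5/gate.php gate path, preceded by an external-IP lookup) are enough to write a small proxy-log check. The script below is an added example, not part of the Microsoft write-up: it classifies each request as a known Zdowbot.C gate (high), a gate.php-style POST to a host not on the list (medium), or an api.ipify lookup (low, since that is benign on its own), and then reports which clients show the full pattern of a connectivity check plus a C2 beacon. The log line format and the sample entries are constructed for the example; the hostnames are the page's, re-fanged from hxxp to http.

```python
import re
from collections import namedtuple

# C2 hosts and gate path as listed on the page (re-fanged from hxxp://).
ZDOWBOT_C2_HOSTS = {
    "mohaneventuse.com",
    "sinresguref.ru",
    "kinuginthat.ru",
    "sinforonhad.com",
    "pehedforhers.ru",
    "wronlacbeher.ru",
}
C2_PATH = "/ls5/gate.php"
# The page lists the connectivity-check host as a truncated "api.ipify",
# so we deliberately prefix-match instead of guessing the full name.
CONNECTIVITY_CHECK_PREFIX = "api.ipify"

Hit = namedtuple("Hit", "src_ip host path severity reason")

# Assumed proxy log format (constructed for this example):
#   "<timestamp> <client_ip> <METHOD> <url> <http_status>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)\s+(\d{3})$")
URL_RE = re.compile(r"^[a-z]+://([^/:]+)(?::\d+)?(/.*)?$", re.IGNORECASE)


def parse_url(url):
    """Return (host, path) for scheme://host[:port]/path, or (None, None)."""
    m = URL_RE.match(url)
    if not m:
        return None, None
    return m.group(1).lower(), m.group(2) or "/"


def classify(line):
    """Map one proxy log line to a Hit, or None if it is not of interest."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # malformed or unrelated line; skip rather than fail
    _, client, method, url, _ = m.groups()
    host, path = parse_url(url)
    if host is None:
        return None
    if host in ZDOWBOT_C2_HOSTS and path == C2_PATH:
        return Hit(client, host, path, "high", "known Zdowbot.C C2 gate")
    if path == C2_PATH and method == "POST":
        # Same panel layout on a host we have not seen yet: worth a look.
        return Hit(client, host, path, "medium", "gate.php POST to unlisted host")
    if host.startswith(CONNECTIVITY_CHECK_PREFIX):
        return Hit(client, host, path, "low", "external IP lookup (connectivity check)")
    return None


def scan(lines):
    """Classify every line and drop the non-hits."""
    return [h for h in (classify(l) for l in lines) if h is not None]


def hosts_to_block(hits):
    """Only high-confidence hosts go straight to the blocklist."""
    return sorted({h.host for h in hits if h.severity == "high"})


def clients_with_full_pattern(hits):
    """Clients that did the connectivity check AND beaconed to a known gate."""
    by_client = {}
    for h in hits:
        by_client.setdefault(h.src_ip, set()).add(h.severity)
    return sorted(c for c, sev in by_client.items() if {"low", "high"} <= sev)


# Constructed sample log; not real traffic.
SAMPLE_LOG = [
    "2017-03-15T10:01:02Z 10.0.0.5 GET http://api.ipify.org/ 200",
    "2017-03-15T10:01:03Z 10.0.0.5 POST http://mohaneventuse.com/ls5/gate.php 200",
    "2017-03-15T10:01:04Z 10.0.0.7 POST http://sinresguref.ru/ls5/gate.php 404",
    "2017-03-15T10:02:00Z 10.0.0.9 GET http://www.example.com/index.html 200",
    "2017-03-15T10:02:05Z 10.0.0.9 POST http://unlisted-host.example/ls5/gate.php 200",
    "not a log line",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h.severity:6} {h.src_ip:10} {h.host}{h.path}  ({h.reason})")
    print("block:", hosts_to_block(hits))
    print("full pattern:", clients_with_full_pattern(hits))
```

Note that a 404 from the gate still counts: the beacon itself is the evidence, whether or not the panel was still up when the proxy saw it. The medium tier is a hunting lead, not a block decision, because /ls5/gate.php on its own is a path convention shared by more than one loader family.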

Last update 15 March 2017

 
