Mar21
by
Jonell Baltazar (Advanced Threats Researcher)
Today we received two samples related to the TROJ_YABE malware family with different MD5 hash.
| Detection | ||
| File Name | : Rechnung-Single.de.doc.exe | TROJ_YABE.BT |
| File Size | : 18,432 bytes | |
| MD5 | : 3dc607942049e82e7108443cc5d87403: c85657e8cda72be356554856f4158562 | |
| Downloaded Files | : ws25.exe (116,952 bytes): ws26.exe (116,952 bytes) | TROJ_DLOADER.KEH |
| Related File | : ipv6monl.dll (84,184 bytes) | TSPY_BZUB.CX |
| Download URL | : http://www.{blocked}-hovic.sk/_sub/wap/iexplorer.exe: http://www.{blocked}.sk/_sub/suchy/admin/img/iexplorer.exe |
A second wave of spamming was also reported. Following are some details:
| Detection | ||
| File Name | : T-Com.pdf.exe | TROJ_YABE.BT |
| File Size | : 44,032 bytes | |
| Downloaded Files | : win994.exe (100,056 bytes) | TSPY_BZUB.CX |
| Related File | : ipv6monl.dll (66,776 bytes) | TSPY_BZUB.CX |
Thanks to Alice Decker for the valuable information.
