What Is It?
Ukrainian security firm Information Systems Security Partners (ISSP) discovered a currently unnamed malware distribution campaign that was serving malware from the website of another Ukrainian financial software developer, Crystal Finance Millennium. ISSP suggested that this could indicate another large-scale cyberattack is imminent, though the evidence may not support that conclusion.
The load.exe sample is a banking Trojan that is also capable of downloading other files, logging keystrokes and communicating with a C2 (Command & Control) host.
How Does It Propagate?
When/How Did BluVector Detect It?
The Trojan load.exe is identified as malicious by BluVector’s machine learning malware detection engine. Regression testing has shown this Trojan would have been detected by BluVector more than two years ago.