This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects traffic generated by Infostealer.Bankeiya, which could lead to information theft and further infection of the affected system.
When the Trojan is executed, it creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IcpIpCfg = Rundll32 %UserProfile%\Application Data\[RANDOM FILE NAME].dll MainThread
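A host-side check for the Run entry described above, as an added example that is not part of the original write-up or the vendor's signature: it parses `reg query` output for the HKCU Run key and flags values named IcpIpCfg or commands where rundll32 loads a DLL from the profile's Application Data folder with the MainThread export. The sample output, the function name and the AppData\Roaming alternative are assumptions made for illustration.

```python
import re

# Constructed sample of `reg query` output for the HKCU Run key (not real telemetry).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    IcpIpCfg    REG_SZ    Rundll32 C:\Documents and Settings\alice\Application Data\qwhzkd.dll MainThread
    Updater    REG_EXPAND_SZ    rundll32.exe "%UserProfile%\Application Data\xkcd.dll",MainThread
    Printer    REG_SZ    rundll32.exe C:\Windows\System32\printui.dll,PrintUIEntry /p
"""

# One value line: four-space separated name, type and data (names may contain spaces).
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# rundll32 loading a DLL directly under "Application Data" with the MainThread export.
# AppData\Roaming is included as an assumption: it is where that folder lives on
# Windows Vista and later; the write-up itself only names "Application Data".
COMMAND = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?'
    r'(?P<dll>[^",]*\\(?:Application Data|AppData\\Roaming)\\[^\\",]+\.dll)'
    r'"?[\s,]+MainThread\b',
    re.IGNORECASE,
)

def find_suspect_run_entries(reg_output):
    """Return (value name, DLL path or None, reasons) for each matching Run value."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        reasons = []
        if m["name"].strip().lower() == "icpipcfg":
            reasons.append("value name IcpIpCfg")
        cmd = COMMAND.search(m["data"])
        if cmd:
            reasons.append("rundll32 loads profile DLL via MainThread")
        if reasons:
            hits.append((m["name"].strip(), cmd["dll"] if cmd else None, reasons))
    return hits

if __name__ == "__main__":
    for name, dll, reasons in find_suspect_run_entries(SAMPLE):
        print(f"{name}: {dll} ({'; '.join(reasons)})")
```

Because the DLL file name is random, the match keys on the value name, the folder and the export rather than on the file name; a hit on the command pattern alone (the Updater row) still warrants review of the referenced DLL.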
Next, the Trojan downloads configuration settings from the following URL:
It then saves the configuration settings to the following file before updating itself: