This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects traffic related to Trojan.Sponkirob.
Trojan.Sponkirob is a Trojan horse that steals information and mines for cryptocurrencies on the compromised computer.
When the Trojan is executed, it creates the following files:
Next, the Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"ichrome" = "%UserProfile%\Application Data\chrome.exe"
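A check for the Run entry above, as an added example that is not part of the original write-up or any vendor tool: it scans the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` for the "ichrome" value name or for a `chrome.exe` launched from "Application Data" directly under a user profile. The function names and the sample output are constructed for illustration, and the parser assumes the standard `reg query` layout of name, type and data separated by four spaces.

```python
import re

# Indicator taken from the write-up: HKCU Run value "ichrome" ->
# "%UserProfile%\Application Data\chrome.exe"
IOC_VALUE_NAME = "ichrome"
IOC_PATH_SUFFIX = r"\application data\chrome.exe"

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")


def executable_path(data: str) -> str:
    """Return the executable part of a Run command line, lowercased."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, maybe with args
        return data[1:].split('"', 1)[0].lower()
    match = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return (match.group(1) if match else data).lower()


def find_sponkirob_run_entries(reg_query_output: str):
    """Return (value name, data, reasons) for Run values matching the indicator."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                              # key header or blank line
        reasons = []
        if m["name"].strip().lower() == IOC_VALUE_NAME:
            reasons.append("value name")
        # Matches both the unexpanded %UserProfile% form and an expanded profile path.
        if executable_path(m["data"]).endswith(IOC_PATH_SUFFIX):
            reasons.append("path")
        if reasons:
            findings.append((m["name"].strip(), m["data"].strip(), reasons))
    return findings


# Constructed sample of `reg query` output for the HKCU Run key (not real host data)
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    ichrome    REG_EXPAND_SZ    %UserProfile%\Application Data\chrome.exe
    Updater    REG_SZ    "C:\Users\alice\Application Data\chrome.exe" -s
"""

if __name__ == "__main__":
    for name, data, reasons in find_sponkirob_run_entries(SAMPLE):
        print(f"{name}: {data} (matched on {', '.join(reasons)})")
```

A path-only match (value renamed, same drop location) is reported separately from a name match so an analyst can weigh the two signals independently.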
The Trojan then creates the following mutex:
The Trojan then connects to the following remote location:
The Trojan then sends a fingerprint consisting of the following system information to its remote location:
Network interface card
If this system information is unavailable, the Trojan sends the following default fingerprint:
The Trojan may then gather account information from the following websites:
The Trojan may then mine for cryptocurrencies on the compromised computer using the following mining tools: