Kaspersky Threats — Downloader.Win32.Ubot.bri

Class: Downloader

Programs of this type stealthily download a variety of content from network resources. They are not malicious programs, but malicious users can use them to download malicious content onto a victim computer. If a user has installed such a program on his/her computer, or if it was installed by a system administrator, then it does not pose any threat.

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: Downloader.Win32.Ubot.bri

No family description

Examples

9DA60FC71EFC29132B02675D0345E713
34C59F92DE38CFBCC7381FBF214D87FD
5C5128DBA82C657B37D582A2065C02CF
7B3FE66E649749FDA5691E007D0E8E83
2CE6EEE3F368FBF47840055F0D8BD8C3

Tactics and Techniques: Mitre*

TA0005

Defense Evasion

Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.

T1055.012

Process Hollowing

TA0007

Discovery

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.

T1012

Query Registry

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.

T1614.001

System Language Discovery

Adversaries may attempt to gather information about the system language of a victim in order to infer the geographical location of that host. This information may be used to shape follow-on behaviors, including whether the adversary infects the target and/or attempts specific actions. This decision may be employed by malware developers and operators to reduce their risk of attracting the attention of specific law enforcement agencies or prosecution/scrutiny from other entities.