Bird_banner_small4
Trojan-Downloader.Win32.Kongger.A
TSL ID TSL20120315-03
Severity Moderate
Description

Trojan-Downloader.Win32.Kongger. A is a Trickler that targets the Windows platform. It has been reported that this Downloader is used in a targeted attack against various Tibetan activist organizations. It arrives on the infected system through a spear phishing email, containing a Microsoft Word document which drops a malicious component on the infected system. Moreover, this malware signals back to a remote server sending its configuration information, expecting to receive other malicious file. One component of the malware is signed with a stolen certificate, while the other is signed with a fake one.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 863D20BAB53E9E42FD567F223D9A003E
  • B47E7331DEB9D7EAEB0549CB319FA54F
  • D50C18C19416FE319155DCF2AD8BF444
  • E5BF9C400B5ABD07B68BEB5725467723
  • FFB315A527824C6D15B3E35D8721088D
References http://labs.alienvault.com/labs/index.php/2012/targeted-attacks-against-tibet-organizations/
Related Threats TSL20110510-04 - Backdoor.Win32.PCRat.A
TSL20101109-13 - Microsoft Office RTF Stack Buffer Overflow