Trojan-Downloader.Win32.Coreshell.A
TSL ID TSL20141028-04
Severity Moderate
Description

Trojan-Downloader.Win32.Coreshell.A is a Trickler that targets the Windows platform. This malware sends out system information to a remote server. Furthermore, it can download and execute files on the infected computer.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 272F0FDE35DBDFCCBCA1E33373B3570D
SHA1:
  • D87B310AA81AE6254FFF27B7D57F76035F544073
Identifiers
Kaspersky
  • BACKDOOR.WIN32.AGENT.DEHJ
Microsoft Malware Protection Center
Sophos
  • TROJ/CORESH-A
TrendMicro
AhnLab
  • TROJAN/WIN32.SEDNIT
AVG
  • BACKDOOR.AGENT.AWVA
Avira
  • TR/SPY.11264.432
Baidu
  • BACKDOOR.WIN32.AGENT.AACC
ESET
  • WIN32/SEDNIT.B
FireEye
  • APT28
  • CORESHELL
Fortinet
  • W32/CORESH.A!TR
Qihoo-360
  • WIN32/BACKDOOR.638
References
  • https://www.alienvault.com/open-threat-exchange/blog/from-russia-with-love-sofacy-sednit-apt28-is-in-town
  • https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
  • http://www.fireeye.com/blog/technical/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html
Related Threats
  • TSL20110908-01 - Trojan.Win32.Sofacy.A