TiGeRFirewall
Brazilian banking Trojan. .NET malware that uses the LORD group's LORDDecrypt encryption and is identified by the TiGeR-Firewall marker. Its capabilities include a fake Adobe Update disguise, the Umbrella.flv.exe dropper, netsh firewall manipulation, webcam access via avicap32.dll, and clipboard monitoring with ClipboardProxy.
Threat Profile
Type: Backdoor
Programming Language: C#/.NET
C2 Protocol: custom
First Seen: 2020
Targets
Brazil/Latin America
Purpose / Capabilities
- Banking Trojan/RAT
No C2 servers have been identified for this family yet.
Research Reports (1)
TiGeRFirewall 39cbd2d2 -- Brazilian-Banking-Trojan LORDDecrypt Umbrella-flv-exe netsh-firewall-allowedprogram avicap32-webcam Adobe-Update-disguise ClipboardProxy | High
TiGeRFirewall 39cbd2d2 PE32 .NET 93KB. Brazilian banking trojan. LORDDecrypt. Umbrella.flv.exe. netsh firewall add allowedprogram. avicap32.dll webcam. Adobe Update disguise.