TiGeRFirewall

Brazilian banking Trojan. .NET malware that uses the LORD group's LORDDecrypt encryption and is identified by the TiGeR-Firewall marker. Its capabilities include a fake Adobe Update disguise, the Umbrella.flv.exe dropper, netsh firewall manipulation, webcam access via avicap32.dll, and clipboard monitoring with ClipboardProxy.

Threat Profile
Type: Backdoor
Programming Language: C#/.NET
C2 Protocol: custom
First Seen: 2020
Targets: Brazil/Latin America
Purpose / Capabilities
  • Banking Trojan/RAT
No C2 servers have been identified for this family yet.

Research Reports (1)

High

TiGeRFirewall 39cbd2d2 -- Brazilian-Banking-Trojan LORDDecrypt Umbrella-flv-exe netsh-firewall-allowedprogram avicap32-webcam Adobe-Update-disguise ClipboardProxy | High

TiGeRFirewall 39cbd2d2 PE32 .NET 93KB. Brazilian banking trojan. LORDDecrypt. Umbrella.flv.exe. netsh firewall add allowedprogram. avicap32.dll webcam. Adobe Update disguise.
