
Trojan.Bisonal

By GoldSparrow in Trojans

Trojan.Bisonal is a detection name that security experts use for a backdoor Trojan. The first detection of Trojan.Bisonal dates back to March 31st, 2015, with a major update to the Trojan pushed on September 22nd, 2016. Trojan.Bisonal is among the high-level representatives of its class, alongside Backdoor:Win32/Nosrawec.C and Backdoor.IRC.Zapchast. Trojan.Bisonal can be delivered to a targeted computer through phishing emails that carry the payload. Experts add that Trojan.Bisonal may be downloaded to remote computers with the help of tools such as the G01pack Exploit Kit and malvertising.

The Bisonal Trojan is associated with a long list of files that have random names and include 'conhost.exe' and 'dfea.exe'. The Bisonal Trojan is reported to drop files in the Temp and Windows directories before it connects to the Internet and enables remote access to the compromised PC. Researchers add that the main executable of Trojan.Bisonal may be seen in the list of startup programs, since the threat adds the following entry to the OS Registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"dfea" = "%Windir%\tasks\dfea.exe"
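
A triage check for the autostart entry described above, added here as an example (not code from the original article or from any vendor tool): it parses the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags values that start a program from Windows\Tasks or a Temp directory, or that use a file name listed on this page. The sample output, the function names and the variable expansions in `ENV` are constructed assumptions.

```python
import ntpath
import re

# File names this page reports for Trojan.Bisonal.
PAGE_FILE_NAMES = {"dfea.exe", "conhost.exe"}
# Assumed variable expansions for a default install; adjust per host.
ENV = {"%windir%": r"C:\Windows", "%temp%": r"C:\Users\user\AppData\Local\Temp"}
# One value line of `reg query` output: name, type and data, 4 spaces apart.
VALUE_LINE = re.compile(
    r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$", re.M)
# Constructed sample output, not taken from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    dfea    REG_EXPAND_SZ    %Windir%\tasks\dfea.exe
    Updater    REG_SZ    C:\Users\user\AppData\Local\Temp\conhost.exe -k
"""

def exe_path(data):
    """Expand known variables and strip quotes and arguments from Run data."""
    for var, value in ENV.items():
        data = re.sub(re.escape(var), lambda _m, v=value: v, data, flags=re.I)
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, flags=re.I)
    return m.group(1) if m else data

def audit_run_key(reg_query_output):
    """Return (value_name, path, reasons) for each Run entry worth triaging."""
    findings = []
    for m in VALUE_LINE.finditer(reg_query_output):
        path = exe_path(m["data"])
        folder, base = ntpath.split(ntpath.normpath(path).lower())
        reasons = []
        if folder.endswith(r"\windows\tasks"):
            reasons.append("autostart from Windows\\Tasks")
        if re.search(r"\\temp(\\|$)", folder):
            reasons.append("autostart from a Temp directory")
        # The genuine conhost.exe lives in System32; any other location is suspect.
        if base in PAGE_FILE_NAMES and not folder.endswith(r"\windows\system32"):
            reasons.append("file name listed for Trojan.Bisonal")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in audit_run_key(SAMPLE):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A hit is a lead for triage, not a verdict: confirm the file's hash and signature before removing anything.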

As stated above, Bisonal is classified as an advanced backdoor Trojan that supports several features. Trojan.Bisonal can complete tasks like creating executables on the victim's PC, building a list of the running processes, opening a command shell and self-destructing (deleting its file structure and Registry keys). The Trojan.Bisonal threat is programmed to listen for commands from a remote server using standard ports like 80 and 443. Advanced computer users may be able to detect suspicious communications that belong to Trojan.Bisonal using tools like Wireshark. Many users may want to use a trusted anti-malware tool to purge the Trojan.Bisonal threat efficiently.
