Golroted Malware Information

    • Updated:
    • 31 Jul 2019
    • Product/Version:
    • Apex One 2019
    • Deep Discovery Email Inspector 3.5
    • Deep Discovery Inspector 5.5
    • Deep Security 12.0
    • InterScan Messaging Security Suite 9.1
    • Interscan Web Security Virtual Appliance 6.5
    • OfficeScan XG
    • ScanMail for Exchange 14.0
    • Platform:
    • N/A
Summary

Golroted is the detection name for Hawkeye, a simple keylogger used in 2015 by Nigerian scammers who targeted small and medium-sized businesses. The stolen data gave the scammers information about their victims’ partners, affiliates and business contacts, which they used to launch further scams and to move laterally into larger organizations connected to the original victims.

Golroted is distributed in Microsoft Word, Microsoft Excel and Rich Text Format files through phishing emails. The attachment contains encrypted malware code hidden within the document. The Trojan-Spyware sends the stolen information to the email address of the malware author via Simple Mail Transfer Protocol (SMTP).

For example, a malicious Microsoft Excel attachment contains only the macro code, while a Microsoft Word attachment additionally carries an embedded image alongside the macro code.

This Trojan-Spyware steals the following:

  • Computer information (OS details, IP address, system privileges)
  • User names and passwords of games such as Minecraft
  • Account information stored by File Transfer Protocol (FTP) clients or file manager software
  • Email credentials of popular mail clients
  • Browser-stored user names, passwords and hostnames
  • The user's keystrokes (keylogging)

Behaviors

  • Adds Image File Execution Options entries in the registry to prevent anti-virus programs from executing
  • Terminates itself when executed in a sandbox environment
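The first behavior above relies on the Image File Execution Options (IFEO) key: when a Debugger value exists under the subkey named after an executable, Windows starts that "debugger" in place of the program, so a security product's process never runs. The following is an added example, not code from the Trend Micro article, that scans a registry export for such redirections so a responder can confirm or rule out this tampering on a collected image. The .reg text, the executable names and the debugger paths in it are all constructed sample data.

```python
"""Flag Image File Execution Options (IFEO) Debugger redirections in a .reg export.

Added example (not part of the Trend Micro article). A Debugger value under
HKLM\...\Image File Execution Options\<program.exe> makes Windows launch the
named "debugger" instead of <program.exe>; a hijacked anti-virus executable
therefore never starts. The sample export below is constructed for this
example; the program names and debugger paths in it are made up.
"""
import re

IFEO_PREFIX = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    r"\Image File Execution Options"
)

# Constructed sample export: two redirected programs and one subkey that
# holds only a non-Debugger setting and must not be reported.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscanner.exe]
"Debugger"="C:\\Users\\Public\\loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securityagent.exe]
"Debugger"="rundll32.exe"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}} for .reg-style export text."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def unquote(data):
    """Strip the quotes and .reg escaping from a REG_SZ value ("C:\\\\x" -> C:\\x)."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return data


def find_ifeo_debuggers(reg_text):
    """Return sorted (target_exe, debugger) pairs where an IFEO Debugger value exists."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        # Only subkeys directly under the IFEO key name a program to redirect.
        if not key.lower().startswith(IFEO_PREFIX.lower() + "\\"):
            continue
        if "Debugger" in values:
            target = key[len(IFEO_PREFIX) + 1:]
            findings.append((target, unquote(values["Debugger"])))
    return sorted(findings)


if __name__ == "__main__":
    for exe, dbg in find_ifeo_debuggers(SAMPLE_REG_EXPORT):
        print(f"IFEO Debugger set for {exe}: {dbg}")
```

On a live host the same check applies to the real key exported with `reg export`; any Debugger value naming a security product's executable, or pointing into a user-writable directory, warrants investigation. Monitoring writes to the IFEO key (for example through registry auditing) turns this after-the-fact check into a detection of the behavior while it happens.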

Capabilities

  • Information Theft
  • Propagation

Impact

  • Financial Loss - steals the user's financial information by harvesting browser data
  • Compromise system security - disables the user's security software
  • Violation of user privacy - gathers user credentials, logs keystrokes and steals user information

Infection Routine

Routine

File Reputation

Detection/Policy/Rules | Pattern Branch/Version | Release Date
TrojanSpy.Win32.GOLROTED.SMA.hp | ENT OPR 15.183.00 | June 18, 2019
Trojan.W97M.GOLROTED.B | |
TrojanSpy.Win32.GOLROTED.BABBP | |

Behavior Monitoring

Pattern Branch/Version | Release Date
TMTD OPR 1515 | February 12, 2016

Predictive Machine Learning

Detection | Pattern Branch/Version
TROJ.Win32.TRX.XXPE50FFF031 | In-the-cloud

Web Reputation

Detection/Policy/Rules | Pattern Branch/Version
URL Protection | In-the-cloud

Anti Spam

Pattern Branch/Version | Release Date
AS Pattern 4698 | June 20, 2019

Details

Solution Map - What should customers do?

Trend Micro Solution | Major Product | Latest Version | Virus Pattern | Anti-Spam Pattern | Network Pattern | Behavior Monitoring | Predictive Machine Learning | Web Reputation
Endpoint Security | Apex One | 2019 | Update pattern via web console | Not Applicable | Update pattern via web console | Enable Behavior Monitoring and update pattern via web console | Enable Predictive Machine Learning | Enable Web Reputation Service and update pattern via web console
Endpoint Security | OfficeScan | XG (12.0) | | Not Applicable | | | |
Endpoint Security | Worry-Free Business Security | Standard (10.0), Advanced (10.0) | Update pattern via web console | | | | |
Hybrid Cloud Security | Deep Security | 12.0 | Update pattern via web console | Not Applicable | Update pattern via web console | Enable Behavior Monitoring and update pattern via web console | Enable Predictive Machine Learning | Enable Web Reputation Service and update pattern via web console
Email and Gateway Security | Deep Discovery Email Inspector | 3.5 | Update pattern via web console | Update pattern via web console | Update pattern via web console | Not Applicable | Not Applicable | Enable Web Reputation Service and update pattern via web console
Email and Gateway Security | InterScan Messaging Security | 9.1 | | | | | |
Email and Gateway Security | InterScan Web Security | 6.5 | | | | | |
Email and Gateway Security | ScanMail for Microsoft Exchange | 14.0 | | | | | |
Network Security | Deep Discovery Inspector | 5.5 | Update pattern via web console | Not Applicable | Update pattern via web console | Not Applicable | Not Applicable | Enable Web Reputation Service and update pattern via web console

Category:
Remove a Malware / Virus
Solution Id:
1123282