Trojan.Otlard
First posted on 01 December 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Otlard.
Explanation:
When the Trojan is executed, it creates the following file:
%System%\drivers\[RANDOM CHARACTERS].sys
The Trojan then creates the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\"ImagePath" = "%System%\drivers\[RANDOM CHARACTERS].sys"
The Trojan then creates the following mutex:
gootkit
The Trojan then injects its code into the following process:
svchost.exe
The Trojan then connects to the following URLs:
Last update 01 December 2015