Backdoor:Win32/Zegost.B
First posted on 15 February 2019.
Source: Microsoft
Aliases :
Backdoor:Win32/Zegost.B is also known as W32/BackdoorX.DYQT, BackDoor.Agent.AHGH, BDS/Agent.avvc.1, Win32/Redosdru.CP, Trojan-PWS.Win32.Bjlog, Backdoor.Win32.Agent.avvc, Mal/Zegost-E.
Explanation :
Backdoor:Win32/Zegost.B is the detection for malware that may be used by remote attackers to gain access to the computer on which it is installed.

Installation

Once installed, it attaches its code to the following legitimate Windows process:

svchost.exe

Payload

Allows backdoor access and control

Backdoor:Win32/Zegost.B connects to the following remote server to send and receive data via HTTP transactions:

xx0518.3322.org

From this server, it may receive commands such as the following:

- Copying, executing, downloading, and deleting files
- Gathering information from the RAS phonebook
- Capturing screenshots

Analysis by Marianne Mallen
Last update 15 February 2019