
Backdoor.Switrex


First posted on 04 September 2015.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Switrex.

Explanation :

Once executed, the Trojan creates the following file:
%AllUsersProfile%\Start Menu\Programs\Startup\[THREAT FILE NAME].lnk
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Update Application" = "[PATH TO THREAT]"
Next, the Trojan may connect to the following command-and-control (C&C) servers:
uaelab.mypsx.net
john.cable-modem.org
The Trojan then opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Download and execute files
Execute commands
The Trojan may also gather the following information from the compromised computer:
Host name
User name
Operating system version
CPU information
GUID
Language settings
Current time
Memory usage
Screen size
List of installed programs
The Trojan may then send the gathered information to the C&C servers.
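The three indicators above (the Run value, the all-users Startup shortcut and the two C&C hostnames) are what a responder would sweep for. The script below is an added example for this page, not Symantec's code or tooling: it checks a `reg export` dump for the Run value, a DNS query log for the C&C hostnames (label-aware, so `notjohn.cable-modem.org` does not match), and a directory listing for Startup-folder `.lnk` files. The `.reg` and log line formats, the executable and shortcut file names, and the client addresses in the samples are all constructed for the example; only the indicator values come from the write-up.

```python
"""Offline triage for the Backdoor.Switrex indicators in this write-up.

Added example, not Symantec's code. Sample inputs are constructed; the .reg
and DNS log line shapes are assumptions, the indicator values are the page's.
"""
import re
from typing import Dict, List

# Indicators from the write-up.
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "Update Application"
CNC_HOSTS = {"uaelab.mypsx.net", "john.cable-modem.org"}
STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"  # compared lower-cased

# Constructed sample in `reg export` (.reg) syntax; the .exe path is made up.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Update Application"="C:\\Users\\alice\\AppData\\Roaming\\update.exe"
"""

# Constructed DNS log, assumed shape: "date time client queried-name".
SAMPLE_DNS_LOG = """2015-09-04 10:01:12 10.0.0.15 www.microsoft.com
2015-09-04 10:01:40 10.0.0.15 uaelab.mypsx.net
2015-09-04 10:02:03 10.0.0.22 notjohn.cable-modem.org
2015-09-04 10:02:09 10.0.0.22 john.cable-modem.org.
2015-09-04 10:02:15 10.0.0.31 mail.john.cable-modem.org
"""

# Constructed directory listing of Startup folders (file names made up).
SAMPLE_STARTUP_LISTING = [
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.lnk",
]


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal .reg parser: [key] headers and "name"="string" lines.

    Key names are lower-cased (registry keys are case-insensitive); non-string
    data (dword:, hex:) is kept raw.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        if current is None or not line.startswith('"'):
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # undo .reg escaping
        keys[current][name] = value
    return keys


def find_run_persistence(reg_text: str) -> List[str]:
    """Paths registered under the Run value name the Trojan uses."""
    values = parse_reg_export(reg_text).get(RUN_KEY.lower(), {})
    return [path for name, path in values.items()
            if name.lower() == RUN_VALUE_NAME.lower()]


def is_cnc_host(hostname: str) -> bool:
    """Listed C&C host or a subdomain of one; label-aware, FQDN dot tolerated."""
    h = hostname.lower().rstrip(".")
    return any(h == c or h.endswith("." + c) for c in CNC_HOSTS)


def find_cnc_queries(dns_log: str) -> List[Dict[str, str]]:
    """Log rows whose queried name matches a C&C host."""
    hits = []
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        date, time, client, qname = parts[:4]
        if is_cnc_host(qname):
            hits.append({"time": f"{date} {time}", "client": client,
                         "query": qname.lower().rstrip(".")})
    return hits


def find_startup_shortcuts(file_paths: List[str]) -> List[str]:
    """.lnk files in any Startup folder, for review: legitimate software uses
    the same folder, so each shortcut's target still has to be inspected."""
    return [p for p in file_paths
            if STARTUP_FRAGMENT in p.lower() and p.lower().endswith(".lnk")]


def triage(reg_text: str, dns_log: str, listing: List[str]) -> Dict[str, object]:
    """Combine the three checks into one report."""
    return {
        "run_key_paths": find_run_persistence(reg_text),
        "cnc_queries": find_cnc_queries(dns_log),
        "startup_lnks": find_startup_shortcuts(listing),
    }


if __name__ == "__main__":
    for section, rows in triage(SAMPLE_REG_EXPORT, SAMPLE_DNS_LOG,
                                SAMPLE_STARTUP_LISTING).items():
        print(f"{section}: {rows}")
```

Two caveats when running this against real data: the write-up gives the C&C servers as hostnames only, so match on the queried name in DNS or proxy logs rather than on whatever IP they resolve to at the moment; and `%AllUsersProfile%\Start Menu\Programs\Startup` is the literal layout of the all-users profile on Windows XP, whereas on Windows Vista and later `%AllUsersProfile%` expands to `C:\ProgramData` and the common Startup folder sits under `Microsoft\Windows\Start Menu\Programs\Startup`, which is why the shortcut check matches on the `Start Menu\Programs\Startup` fragment instead of a fixed prefix.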

Last update 04 September 2015
