
Backdoor:Win64/Swoorp.A


First posted on 16 February 2016.
Source: Microsoft

Aliases:

There are no other names known for Backdoor:Win64/Swoorp.A.

Explanation:

Installation

The malware runs directly from memory and remains there, without writing a persistent copy to disk.

Payload

Gathers information about your PC

The malware gathers the following information about your PC, encrypts the information, and sends it to a remote server:

  • Whether you have a 32-bit or 64-bit operating system
  • Username
  • Computer name
  • Domain name
  • Operating system version


We have seen it connect to the following servers via HTTP POST:

  • adode-update.com/cgi-bin/s2.cgi
  • advertising-all.com/cgi-bin/s2.cgi
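
As an added example (not part of the Microsoft entry), here is a small Python detector that scans proxy log lines for the two HTTP POST beacon URLs listed above. The log layout, the client addresses and timestamps in the sample, and the lower-confidence "same host, different path" heuristic are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# C2 URLs listed in the Microsoft description of Backdoor:Win64/Swoorp.A.
SWOORP_C2_URLS = {"adode-update.com/cgi-bin/s2.cgi", "advertising-all.com/cgi-bin/s2.cgi"}
SWOORP_C2_HOSTS = {u.split("/", 1)[0] for u in SWOORP_C2_URLS}

# Assumed log layout (constructed for this example, not a real product format):
# <timestamp> <client_ip> <method> <url> <status> <bytes>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$")

def classify(url):
    """Return (confidence, reason) if the URL points at a Swoorp C2, else None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""  # urlsplit() already lowercases the host
    if host + parts.path in SWOORP_C2_URLS:
        return ("high", "exact Swoorp C2 URL")
    if host in SWOORP_C2_HOSTS:  # assumed heuristic: same host, other path
        return ("medium", "Swoorp C2 host, different path")
    return None

def scan_proxy_log(lines):
    """Parse log lines and return one hit dict per request to a Swoorp C2."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        verdict = classify(m["url"])
        if verdict is None:
            continue
        confidence, reason = verdict
        # The beacon is described as an HTTP POST; other methods to the exact
        # URL are still reported, but at lower confidence.
        if m["method"] != "POST" and confidence == "high":
            confidence, reason = "medium", reason + " via non-POST request"
        hits.append({"client": m["client"], "method": m["method"], "url": m["url"],
                     "confidence": confidence, "reason": reason})
    return hits

# Constructed sample lines; the client addresses and timestamps are made up.
SAMPLE_LOG = """\
2016-02-16T10:01:02Z 10.0.0.12 GET http://example.org/index.html 200 5120
2016-02-16T10:01:09Z 10.0.0.12 POST http://adode-update.com/cgi-bin/s2.cgi 200 412
2016-02-16T10:02:30Z 10.0.0.25 GET http://advertising-all.com/favicon.ico 404 0
2016-02-16T10:03:11Z 10.0.0.25 POST http://ADVERTISING-ALL.com/cgi-bin/s2.cgi 200 388
not a log line
""".splitlines()
```

Calling `scan_proxy_log(SAMPLE_LOG)` reports the two POST beacons at high confidence and the favicon request to the second host at medium; the unparseable line is skipped.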


The remote server then replies with commands that the backdoor trojan carries out on the system. For example, we've seen it try to:

  • Run a command shell
  • Delete the copy of itself


Analysis by Ric Robielos

Last update 16 February 2016
