
Backdoor.Boksdrop


First posted on 03 December 2015.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Boksdrop.

Explanation :

The Trojan may arrive as a file downloaded by malicious documents attached to spear-phishing emails.

When this Trojan is executed, it creates the following files:

- %Temp%\WmiApCom
- %Temp%\WmiApCom.bat
- %Temp%\upload.bat
- %Temp%\upload.rar
- %Temp%\silent.txt
- %Temp%\period.txt

Next, the Trojan connects to the following URL through TCP port 443 to download commands and upload data: api-content.dropbox.com
The Trojan may download more files and update itself.

Last update 03 December 2015

 
