Home / malware Backdoor.Mokes
First posted on 02 February 2016.
Source: SymantecAliases :
There are no other names known for Backdoor.Mokes.
Explanation :
This Trojan is manually installed.
When the Trojan is executed, it creates one of the following files: %AppData%\Skype\SkypeHelper.exe%AppData%\Dropbox\bin\DropboxHelper.exe%AppData%\Google\Chrome\nacl32.exe%AppData%\Google\Chrome\nacl64.exe%AppData%\Mozilla\Firefox\mozillacache.exe%AppData%\Adobe\Acrobat\AcroBroker.exe%AppData%\Hewlett-Packard\hpqcore.exe%AppData%\Hewlett-Packard\hpprint.exe%AppData%\Hewlett-Packard\hpscan.exe[PATH TO MALWARE]\version
The Trojan then creates the following registry entry so that it runs every time Windows starts:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[EXECUTABLE STEM]" = "[PATH TO MALWARE]"
Next, the Trojan opens a back door on the compromised computer and connects to the following remote locations: 149.202.69.6jessiman901.com
The Trojan may then perform the following actions: Take screenshots and webcam photographsLog user activityUpload the recorded data and activity to the attackers' remote locationsLast update 02 February 2016