Trojan.Sakurel.B
First posted on 18 December 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Sakurel.B.
Explanation:
The Trojan may arrive on the compromised computer through a malicious exploit.
When the Trojan is executed, it creates the following files:
%Temp%\Center[RANDOM CHARACTERS].dat
%Temp%\Center[RANDOM CHARACTERS].dat
%UserProfile%\Application Data\adobe\adobe.dat
The Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AdobePlayer" = regsvr32 /s "%UserProfile%\Application Data\adobe\adobe.dat"
The Trojan poses as an installer for a legitimate application: it displays a decoy installer while a separate process carries out the malicious activity.
The Trojan attempts to open a back door on the compromised computer, and connect to the following remote location:
87.198.23.40 on port 443 using SSL
The Trojan may perform the following actions:
Delete files
Move files
List files
Steal files
Download potentially malicious files
Launch processes
Send system information to the remote location
Open a remote shell
Uninstall itself
Last update 18 December 2015
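The persistence technique in this write-up is a Run-key value that asks regsvr32 to silently load a file with a .dat extension from a user-writable profile directory. The following is an added detection example, not part of the Symantec write-up: it scans a set of HKCU Run values (the sample dictionary is constructed; only the "AdobePlayer" entry mirrors the description above, the other entries are benign-looking values added for contrast) and flags regsvr32 commands whose target is not a DLL/OCX or lives under a user profile path. It also offers a path matcher for the two dropped-file locations listed above, so the same logic can be run over a file listing from a host. Function names and the sample values are assumptions of this example. Note that "%UserProfile%\Application Data" is the Windows XP-era name for what Vista and later expose as "%AppData%" (AppData\Roaming), so the markers cover both spellings.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of HKCU\...\CurrentVersion\Run values (value name -> command line),
# as a registry export or forensic hive parser would present them. Only "AdobePlayer"
# reproduces the entry from the write-up; the rest are invented benign-looking entries.
SAMPLE_RUN_VALUES: Dict[str, str] = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "AdobePlayer": r'regsvr32 /s "%UserProfile%\Application Data\adobe\adobe.dat"',
    "SecurityHealth": r'%windir%\system32\SecurityHealthSystray.exe',
    "Updater": r'C:\Windows\System32\regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"',
}

# Path fragments that indicate a user-writable location (both the XP-era
# "Application Data" name and the Vista+ "AppData" name are covered).
USER_WRITABLE_MARKERS = (
    "%userprofile%", "%appdata%", "%localappdata%", "%temp%",
    "\\application data\\", "\\appdata\\", "\\users\\",
)

# Expanded forms of the two dropped-file locations named in the write-up.
DROPPED_FILE_PATTERNS = (
    re.compile(r'\\temp\\center[^\\]+\.dat$', re.IGNORECASE),   # %Temp%\Center[RANDOM CHARACTERS].dat
    re.compile(r'\\adobe\\adobe\.dat$', re.IGNORECASE),         # ...\Application Data\adobe\adobe.dat
)


@dataclass
class Finding:
    value_name: str
    command: str
    reasons: List[str]


def parse_regsvr32_target(command: str) -> Optional[str]:
    """Return the file regsvr32 is asked to register, or None if this is not a regsvr32 command.

    Accepts a bare 'regsvr32', 'regsvr32.exe', or a full (optionally quoted) path to it.
    """
    m = re.match(r'^\s*"?(?:[a-z]:\\[^"]*\\)?regsvr32(?:\.exe)?"?\s+(.*)$', command, re.IGNORECASE)
    if not m:
        return None
    # Split the remainder into quoted or whitespace-delimited tokens, drop switches
    # such as /s, /n, /i:..., and treat the last remaining token as the target file.
    tokens = re.findall(r'"[^"]+"|\S+', m.group(1))
    paths = [t.strip('"') for t in tokens if not t.startswith("/")]
    return paths[-1] if paths else None


def assess_run_value(name: str, command: str) -> Optional[Finding]:
    """Flag a Run value when regsvr32 loads something that does not look like a normal COM server."""
    target = parse_regsvr32_target(command)
    if target is None:
        return None
    lowered = target.lower()
    reasons = []
    if not lowered.endswith((".dll", ".ocx", ".ax")):
        reasons.append("regsvr32 target has a non-DLL extension: %s" % target)
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        reasons.append("regsvr32 target lives under a user-writable profile path")
    # A silent /s switch is common in legitimate installers, so it only corroborates
    # an existing suspicion rather than producing a finding on its own.
    if reasons and re.search(r'(^|\s)/s(\s|$)', command, re.IGNORECASE):
        reasons.append("silent (/s) registration from a Run key")
    return Finding(name, command, reasons) if reasons else None


def scan_run_values(values: Dict[str, str]) -> List[Finding]:
    """Apply assess_run_value to every Run value and return the findings."""
    return [f for f in (assess_run_value(n, c) for n, c in values.items()) if f]


def is_known_dropped_file(path: str) -> bool:
    """True when an expanded file path matches one of the dropped-file locations above."""
    return any(p.search(path) for p in DROPPED_FILE_PATTERNS)


if __name__ == "__main__":
    for finding in scan_run_values(SAMPLE_RUN_VALUES):
        print("[!] %s: %s" % (finding.value_name, finding.command))
        for reason in finding.reasons:
            print("    - %s" % reason)
```

Run on the constructed sample, only the "AdobePlayer" value is reported, with three reasons; the "Updater" entry, which also uses regsvr32 /s but loads a DLL from Program Files, is not flagged, which is the false-positive case the corroboration rule is there to avoid. In a real triage the same two functions can be pointed at a parsed NTUSER.DAT Run key and at a recursive file listing of the user profile.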