
Backdoor.Drapion


First posted on 23 February 2016.
Source: Symantec

Aliases:

There are no other names known for Backdoor.Drapion.

Explanation:

The Trojan may arrive on the compromised computer as a .DLL file dropped by a dropper.

The Trojan opens a back door on the compromised computer, and connects to one of the following locations:
The Trojan may collect the following information and send it to a remote location:
- Computer name
- IP address
The Trojan may perform the following actions:
- Create a remote shell
- Download files
- Execute files
- Upload files

Last update 23 February 2016

 
