
Backdoor.Citrat


First posted on 13 August 2014.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Citrat.

Explanation :

When the Trojan is executed, it creates the following files:
%System%\[RANDOM CHARACTERS OR NUMBERS].exe
%System%\[RANDOM CHARACTERS OR NUMBERS].dll
Next, the Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"load"="%System%\[RANDOM CHARACTERS OR NUMBERS].exe"
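
A host check for this persistence entry, added here as an example and not taken from the Symantec write-up: it reads the "load" value and reports any executable it points to, noting whether the file sits directly in the system directory. The function name `Test-LoadValue` and the sample file name are constructed for illustration, and Symantec's %System% is assumed to be the Windows system directory.

```powershell
# Added example (not from the original write-up); names and sample data are constructed.
function Test-LoadValue {
    param(
        [string]$Value,                                       # raw data of the "load" value
        [string]$SystemDir = [Environment]::SystemDirectory   # assumed meaning of %System%
    )
    if ([string]::IsNullOrWhiteSpace($Value)) { return }      # no autorun entry present

    $expanded = [Environment]::ExpandEnvironmentVariables($Value)
    $sys      = $SystemDir.TrimEnd('\')

    # "load" can list several programs; extract every drive-rooted path ending in .exe.
    foreach ($m in [regex]::Matches($expanded, '(?i)[a-z]:\\[^"<>|,;]*?\.exe')) {
        $path   = $m.Value
        $dir    = [System.IO.Path]::GetDirectoryName($path)
        $exists = Test-Path -LiteralPath $path
        $sig    = $null
        if ($exists) {
            # Unsigned or invalid signatures on a file in the system directory deserve a closer look.
            $sig = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        [pscustomobject]@{
            Path         = $path
            InSystemDir  = ($dir -eq $sys)    # -eq compares strings case-insensitively
            ExistsOnDisk = $exists
            Signature    = $sig
        }
    }
}

# Live check of the key named in the entry above.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$load = (Get-ItemProperty -Path $key -Name load -ErrorAction SilentlyContinue).load
Test-LoadValue -Value $load

# Constructed sample shaped like the entry above (file name is made up).
Test-LoadValue -Value 'C:\Windows\System32\x7k2q9.exe' -SystemDir 'C:\Windows\System32'
```

No output from the live check means the value is absent or empty. A row with `InSystemDir` true and a signature status other than `Valid` matches the pattern described here.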

The Trojan then connects to the following remote locations:
chanxe.avstore.com.tw
newb02.skypetm.com.tw
jackyandy.avstore.com.tw

The Trojan may then perform the following actions:
Create a remote shell
Download and upload files

Last update 13 August 2014

 
