
Backdoor.Cobrike


First posted on 01 August 2015.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Cobrike.

Explanation :

The Trojan may arrive as an executable. It runs an embedded PowerShell script to perform additional activities on the compromised computer.

Once the Trojan executes the PowerShell script, the script decodes a base64-encoded, gzip-compressed string, which contains a second PowerShell script. This script is then immediately executed.

The second PowerShell script opens a reverse shell to the following remote location through TCP port 80: 159.148.155.91

The Trojan may then perform the following actions:
- Execute commands
- Download files
- Open a new shell listening on TCP port 80
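
For triage, the base64 and gzip wrapping described above can be removed statically, without running either script. The following Python is an added example, not part of the Symantec write-up; the function names, the size cap and the inert sample (which uses the documentation address 192.0.2.10) are constructed for illustration.

```python
import base64
import re
import zlib

MAX_OUT = 1 << 20  # cap decompressed size so a gzip bomb cannot exhaust memory
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def gunzip_b64(blob):
    """Return the text inside a base64+gzip blob, or None if it is not one."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return None
    if raw[:2] != b"\x1f\x8b":              # gzip magic bytes
        return None
    d = zlib.decompressobj(wbits=31)        # 31 = expect a gzip header/trailer
    try:
        data = d.decompress(raw, MAX_OUT)
    except zlib.error:
        return None
    if d.unconsumed_tail:                   # output would exceed the cap
        return None
    # A NUL second byte suggests UTF-16LE text; otherwise assume UTF-8.
    enc = "utf-16-le" if data[1:2] == b"\x00" else "utf-8"
    return data.decode(enc, errors="replace")

def peel(script, max_depth=5):
    """Statically unwrap nested stages; returns [outer, stage2, ...]."""
    layers = [script]
    for _ in range(max_depth):
        candidates = map(gunzip_b64, B64_RUN.findall(layers[-1]))
        nxt = next((t for t in candidates if t), None)
        if nxt is None:
            break
        layers.append(nxt)
    return layers

def ipv4_indicators(text):
    """Unique IPv4-looking strings in a decoded stage, for blocklists or hunts."""
    return sorted(set(IPV4.findall(text)))

def make_sample():
    """Constructed, inert sample: outer script wrapping a placeholder stage 2."""
    inner = "# constructed stage 2 placeholder\n$server = '192.0.2.10'; $port = 80\n"
    co = zlib.compressobj(wbits=31)
    blob = base64.b64encode(co.compress(inner.encode()) + co.flush()).decode()
    return inner, "$s = [Convert]::FromBase64String('%s')  # constructed" % blob
```

Running `peel` over text captured from a suspicious executable or from PowerShell script block logs yields each decoded stage, and `ipv4_indicators` on the last stage lists addresses to check against outbound connections on TCP port 80.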

Last update 01 August 2015

 
