Trojan.Melongad
First posted on 28 November 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Melongad.
Explanation:
When the Trojan is executed, it creates the following file:
%AppData%\conhost.exe
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Java Updater" = "%AppData%\conhost.exe"
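A host-side check for the persistence entry above, as an added example that is not part of the original write-up: it flags Run values whose target borrows a Windows system binary name such as conhost.exe but sits outside System32, which generalizes the single entry listed here. The sample Run values, the environment paths and the short list of system binary names are constructed for illustration.

```python
import ntpath
import re

# Binaries that normally live only under %SystemRoot% System32 (illustrative list, an assumption).
SYSTEM_BINARIES = {"conhost.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# Constructed environment so the example runs offline; on a real host use os.environ.
SAMPLE_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming", "SYSTEMROOT": r"C:\Windows"}

# Constructed contents of HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
SAMPLE_RUN = {
    "Java Updater": r"%AppData%\conhost.exe",  # the value described on this page
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "ConsoleHost": r"%SystemRoot%\System32\conhost.exe",
}

def expand(value, env):
    """Expand %VAR% references case-insensitively, leaving unknown ones intact."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), value)

def target_path(command, env):
    """Return the executable path of a Run value, dropping quotes and arguments."""
    command = expand(command.strip(), env)
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", command)
    return m.group(1) if m else command

def masquerading(run_values, env):
    """Return (name, path) for Run values that use a system binary name
    from a directory other than System32 or SysWOW64."""
    root = env["SYSTEMROOT"].lower()
    trusted = {ntpath.join(root, d) for d in ("system32", "syswow64")}
    hits = []
    for name, command in run_values.items():
        path = ntpath.normpath(target_path(command, env))
        directory = ntpath.dirname(path).lower()
        if ntpath.basename(path).lower() in SYSTEM_BINARIES and directory not in trusted:
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for name, path in masquerading(SAMPLE_RUN, SAMPLE_ENV):
        print(f"suspicious Run value {name!r} -> {path}")
```

On a live Windows host the Run values would come from the registry (for example via Python's winreg module) instead of SAMPLE_RUN.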
The Trojan may then perform the following actions as part of a botnet:
Download and execute files
Execute DDoS attacks
Visit websites
Execute a remote shell backdoor
Steal passwords from Filezilla, Steam, and Minecraft
Perform SHA256 and Scrypt-based currency mining
Prevent antivirus products from running

Last update 28 November 2015