Backdoor.Klabcon.B


First posted on 11 June 2014.
Source: Symantec

Aliases :

There are no other names known for Backdoor.Klabcon.B.

Explanation :

Backdoor.Klabcon.B is downloaded by Backdoor.Klabcon. It is an updated version of Backdoor.Klabcon.

Once executed, the Trojan creates the following log file:
%System%\Runlog.ocx

The log file contains a list of the Trojan's operations including the following:
- Date and time the Trojan was executed
- Date and time of any connections to command-and-control (C&C) server
- Date and time of any errors during execution

Log entries are formatted as follows:
[YYYY]-[MM]-[DD] [HH]:[MM]:[SS] [EVENT]
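
For triage of a recovered copy of this file, the following parser turns entries in the format above into a timeline. It is an added example, not Symantec's code; it assumes the brackets in the format are placeholders rather than literal characters, and the sample event strings are constructed because the write-up does not give the real event text.

```python
import re
from collections import Counter
from datetime import datetime

# Assumption: the brackets in the documented format mark placeholders, so an
# on-disk entry looks like "2014-06-11 09:15:02 <event text>".
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*\S)\s*$")

def parse_runlog(text):
    """Return (entries, rejects): (datetime, event) tuples in file order,
    and (line_number, raw_line) for lines that do not fit the format."""
    entries, rejects = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = ENTRY_RE.match(raw)
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S") if m else None
        except ValueError:  # right shape, impossible date or time
            ts = None
        if ts is None:
            rejects.append((lineno, raw))
        else:
            entries.append((ts, m.group(2)))
    return entries, rejects

def timeline_summary(entries):
    """Bound the activity window and count entries that go back in time."""
    if not entries:
        return None
    stamps = [ts for ts, _ in entries]
    return {
        "first": min(stamps),
        "last": max(stamps),
        "per_day": dict(Counter(ts.date().isoformat() for ts in stamps)),
        # A timestamp earlier than its predecessor suggests a clock change
        # or an edited file; worth noting in the case record.
        "out_of_order": sum(1 for a, b in zip(stamps, stamps[1:]) if b < a),
    }

# Constructed sample; the event strings are placeholders, not real Trojan output.
SAMPLE = """2014-06-09 08:01:12 constructed-event-A
2014-06-09 08:01:15 constructed-event-B
2014-06-10 23:59:59 constructed-event-C
2014-06-10 07:30:00 constructed-event-D
2014-02-30 10:00:00 constructed-event-E
not a log line
"""

if __name__ == "__main__":
    parsed, bad = parse_runlog(SAMPLE)
    print(timeline_summary(parsed), bad)
```

Rejected lines are returned rather than dropped so that truncated or altered entries stay visible to the examiner.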

The Trojan opens a back door on the compromised computer, and connects to one or more of the following domains:
- anakin819.meibu.net
- anakin.kmdns.net
- rookie819.eicp.net

The Trojan steals the following information from the compromised computer and sends it to the remote attacker:
- CPU information and processor name
- Drive information
- Memory usage information
- Disk space information

The Trojan may then perform the following actions:
- Download files from a specified URL
- Enumerate services
- Download additional modules
- Run and stop additional downloaded malware

Last update 11 June 2014